Verifying the authenticity of GitHub webhooks

The scenario checks the signature of every incoming request from the repository and lets only genuine events through, rejecting forgeries.

  • Computes and checks the request signature
  • Lets only genuine events through
  • Rejects forgeries with a refusal
  • Shields the scenario's webhook from foreign calls
Webhook