It is a best practice to test and validate the webhooks before their usage.

## Test Webhooks

You can create an endpoint url and test webhooks using tools like [](🔗) or create a tunnel to your localhost using tools such as [ngrok](🔗).

## Validate Webhooks

Here are the steps to verify webhooks:

  1. Get the payload from the webhook endpoint.

  2. Generate the signature.

  3. Verify the signature.

You can look at the sample code in the below repository in different languages.

Please note: The payload mentioned here refers to the raw JSON body, not the parsed body.

### Webhook Signature

Use the signature to verify if the request has not been tampered with. To verify the signature at your end, you need your Cashfree Payment Gateway secret key along with the payload.

  • The timestamp is present in the header `x-webhook-timestamp`.

  • The actual signature is present in the header `x-webhook-signature`.

The signature creation logic is as below:

## Sample Code

### Fetch The Raw JSON and Headers

### Compute Signature and Verify