2 min read
Definition
The Credicorp-Signature header is how you prove a webhook is genuine. It carries the timestamp the signature was made and the HMAC of {t}.{rawbody}. You recompute the HMAC with your signing secret and compare in constant time, rejecting anything outside the 300-second tolerance. Multiple v1= values can appear during a secret rotation. See signature verification.
Frequently asked questions
Why multiple v1 values?
During a secret rotation, deliveries are signed with both the old and new secret so you never miss one. A match on any v1= is valid.
Funding for UK limited companies
Credicorp lends to your company, not to you personally — short-term working capital with no personal guarantee. See what your business could access.