API reference

Error code: webhook_signature_missing

webhook_signature_missing returns HTTP 400 with type: invalid_request_error. A webhook arrived without a signature header. Branch on the code and apply the fix below.

2 min read

400HTTP status
webhook_signature_missingerror.code
FixHandling

What triggers it

A webhook arrived without a signature header. The Credicorp-Signature header was absent — usually a proxy stripping headers.

Example response

{
  "error": {
    "type": "invalid_request_error",
    "code": "webhook_signature_missing",
    "message": "A webhook arrived without a signature header."
  }
}

How to fix it

Reject the request; ensure your proxy forwards the Credicorp-Signature header intact.

This is deterministic; fix the cause before resending. See the error code catalogue for related codes.

In practice

In a well-built client, webhook_signature_missing is handled by branching on error.code rather than on the human error.message, which may be reworded over time. The HTTP status (400) gives the broad invalid_request_error class; the code gives the specifics; and, on field errors, error.param pinpoints the input to fix.

This code is deterministic — retrying the identical request reproduces it — so keep it out of your retry path and instead map it to a clear, actionable message. See Map errors to user-facing messages and Read the error envelope for the pattern.

Frequently asked questions

Is webhook_signature_missing safe to retry?

No. Retrying the identical request reproduces the identical error. Fix the cause first.

Will this code ever change?

No. Error codes are stable contract; only the human message may be reworded.

Do I branch on the code or the HTTP status?

Both — status for retry-or-not, code for the specific behaviour. See the error envelope.

Funding for UK limited companies

Credicorp lends to your company, not to you personally — short-term working capital with no personal guarantee. See what your business could access.