# Security To ensure that the webhook requests are genuinely from Magna and have not been tampered with, Magna uses HMAC signatures. Each request sent to your webhook endpoint includes a signature in the `x-magna-signature` header. ### Signature Generation Magna generates the signature using the following process: 1. **Serialize the Request Body:** The JSON payload is stringified. 2. **Create HMAC Hash:** An HMAC SHA1 hash is created using the generated secret. 3. **Format the Signature:** The final signature is prefixed with `sha1=` followed by the hexadecimal representation of the hash. ### Verifying Signatures To verify the integrity and authenticity of the incoming webhook requests, you must calculate the signature on your end and compare it with the `x-magna-signature` header provided in the request. ### TypeScript Signature Calculation ```javascript import crypto from 'crypto'; /** * Calculates the HMAC SHA1 signature for the given request body. * @param body - The request payload received from Magna. * @param secret - The secret generated by Magna for this webhook. * @returns The formatted signature string. */ function calculateSignature(body: unknown, secret: string): string { const hmac = crypto.createHmac('sha1', secret); hmac.update(JSON.stringify(body)); return `sha1=${hmac.digest('hex')}`; } ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.magna.so/magna-api-documentation/webhooks/security.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.