Merchant General

How to Verify Webhook Signatures in Python

Jan 11, 2026 254 Views

A quick guide to using the hmac library to verify that a payload came from our servers.

payload.js

import hmac, hashlib
signature = hmac.new(secret, payload, hashlib.sha256).hexdigest()

@CityRock007 Jan 11, 11:45

Does the Python hmac implementation support the latest SHA-3 hashing, or should we stick to SHA-256 for maximum compatibility with Servinux nodes?