Security & Verification

Why Verification is Important

Webhook verification ensures that:

Events are actually sent by MOUNTAIN
Event data hasn't been tampered with
Your endpoint isn't being abused by malicious actors

How Verification Works

MOUNTAIN signs each webhook payload with your secret using HMAC-SHA256
The signature is sent in the X-Mountain-Signature header
Your application verifies the signature using the SDK
Only verified events should be processed

Getting Your Webhook Secret

Your webhook secret is provided when you configure webhook settings via the MOUNTAIN API. The secret has the format: mtn_whsec_[base64_encoded_secret]

Next Steps

Understand event structure
See implementation examples
Review best practices

Why Verification is Important​

How Verification Works​

Getting Your Webhook Secret​

Next Steps​

Why Verification is Important

How Verification Works

Getting Your Webhook Secret

Next Steps