HMAC Signature Verifier (Webhooks: Stripe, GitHub, Slack)

Webhook providers sign their payloads with HMAC so you can verify the request actually came from them (not a forgery). Stripe sends Stripe-Signature with timestamp + HMAC; GitHub sends X-Hub-Signature-256; Slack uses its own version-prefixed format. This tool implements the verification for each — paste the payload, signature header, and your secret to check authenticity.

Provider

Raw request body (payload)

Signature header value

Webhook secret

How to use the HMAC Signature Verifier (Webhooks: Stripe, GitHub, Slack)

Pick the provider. Paste the raw request body (exact bytes — Stripe / GitHub / Slack all use the unparsed body), the signature header value, and your webhook secret. The tool computes the expected HMAC and compares.

For Slack, you also need the timestamp from the X-Slack-Request-Timestamp header.

HMAC Signature Verifier (Webhooks: Stripe, GitHub, Slack)

How to use the HMAC Signature Verifier (Webhooks: Stripe, GitHub, Slack)

Related tools