Aug 7, 2019 3:15 PM
Starting today, we're including an additional header with any requests sent from HubSpot. This header, named X-HubSpot-Signature-Version, will indicate which version of the signature is included in this request. This new header will make it easier to determine which method should be used to validate the request signature included in the X-HubSpot-Signature header. This will also make it possible to programmatically determine which validation method should be used for any given request.
This header will be included for requests sent by HubSpot, including requests made for webhooks, CRM Extensions, and Workflow Extensions.
Please note: The method used to validate the request signature is not changing for any requests. The existing method that you're using to validate the signature should still be used for any requests you're currently receiving from HubSpot. This change only adds an additional header that can be used to programmatically determine which validation method should be used.
The signature versions are defined as follows:
This new header is currently live.
If you have any questions please let us know by replying to this forum thread.