# Authentication & responses

### Webhooks secret

A webhook secret is a key used to calculate the `HTTP_TOGGLE_SIGNATURE` value, which is passed in the header of every request.

This adds a layer of security between the two apps (Toggle and your app) so that you can be sure the payload you receive has not been tampered with. The signature is a keyed hash (HMAC) of the entire payload, computed with the signing secret that we have supplied to you. For every request it receives, your application should compute its own signature and compare it with the one in the request, to ensure that the request is not fraudulent.

The secret will be provided by the Toggle support team when you first set up a webhook with us.

### Handling requests

Before accepting any webhook sent to you, you should verify it by recomputing the signature over the payload and comparing it with the one sent in the request.

The following example (in PHP) shows how you could calculate the signature and check the payload.

```php
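// $payload must be the entire payload exactly as received, e.g. file_get_contents('php://input')
function verifySignature($signingSecret, $payload) {
    $sig_header = $_SERVER['HTTP_TOGGLE_SIGNATURE'] ?? '';
    if (!is_string($sig_header) || $sig_header === '') {
        return false; // signature header missing: reject the request
    }
    $computedSignature = hash_hmac('sha256', $payload, $signingSecret);
    // Constant-time comparison: known value first, user-supplied value second
    return hash_equals($computedSignature, $sig_header);
}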
```

### Response and attempts

We expect a 200 response from your server. In case of failure, we will attempt to dispatch the webhook **another 3 times** before giving up.

In order to prevent timeouts, we recommend that your server responds to webhook events prior to any logic being executed.

We will disable your endpoint if we receive invalid responses from your server over consecutive days.
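
The following is an added example, not Toggle's own code: a Python WSGI port of the PHP check above, combined with the advice to respond before running any logic. It assumes the signature is lowercase hex, as the PHP sample's `hash_hmac` output implies; `SIGNING_SECRET`, the `events` queue, `simulate` and the 401 status are constructs of this example.

```python
import hashlib
import hmac
import io
import queue

SIGNING_SECRET = b"constructed-example-secret"  # placeholder, not a real Toggle secret
events = queue.Queue()  # hypothetical hand-off to a background worker


def sign(secret: bytes, raw_body: bytes) -> str:
    """HMAC-SHA256 of the raw bytes, lowercase hex like PHP's hash_hmac()."""
    return hmac.new(secret, raw_body, hashlib.sha256).hexdigest()


def verify_signature(secret: bytes, raw_body: bytes, sig_header: str) -> bool:
    if not sig_header:
        return False  # header absent or empty: reject
    # compare_digest is constant-time, the counterpart of PHP's hash_equals()
    return hmac.compare_digest(sign(secret, raw_body).encode(), sig_header.encode())


def app(environ, start_response):
    """WSGI receiver: verify, enqueue, answer 200 before any business logic."""
    try:
        length = int(environ.get("CONTENT_LENGTH") or 0)
    except ValueError:
        length = 0
    raw_body = environ["wsgi.input"].read(length)  # exact bytes, not re-encoded JSON
    sig = environ.get("HTTP_TOGGLE_SIGNATURE", "")
    if not verify_signature(SIGNING_SECRET, raw_body, sig):
        # The status used for a bad signature is this example's choice.
        start_response("401 Unauthorized", [("Content-Type", "text/plain")])
        return [b"invalid signature"]
    events.put(raw_body)  # parsing and processing happen off the request path
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"ok"]


def simulate(body: bytes, sig: str) -> str:
    """Drive app() with a constructed WSGI environ; return the status line."""
    seen = []
    environ = {"CONTENT_LENGTH": str(len(body)), "wsgi.input": io.BytesIO(body),
               "HTTP_TOGGLE_SIGNATURE": sig}
    app(environ, lambda status, headers: seen.append(status))
    return seen[0]
```

Because the HMAC covers the bytes on the wire, a payload that is parsed and re-serialised before signing will generally fail verification even when it is genuine.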

