Hard · Application · Q8 of 15
REST API - Webhooks and Events
You receive webhook requests with a signature header in the format 'sha256=abcdef1234567890'. How should you verify this signature correctly in Python?
A. Extract the hex digest after 'sha256=', compute HMAC SHA256 of payload, then use hmac.compare_digest() to compare
B. Compare the entire header string directly with the computed HMAC digest
C. Use hashlib.md5 to compute the digest and compare with the header
D. Ignore the prefix and compare the base64 encoded signature with the payload
Step-by-Step Solution
  1. Step 1: Parse signature header
     Extract the part after 'sha256=' to get the hex digest string.
  2. Step 2: Compute HMAC
     Compute the HMAC SHA256 digest of the payload using the shared secret key.
  3. Step 3: Compare securely
     Use hmac.compare_digest() to securely compare the computed digest with the extracted signature.

Final Answer: Extract hex digest, compute HMAC SHA256, then compare with compare_digest() -> Option A

Quick Check: Strip prefix, compute sha256 HMAC, compare securely [OK]
Quick Trick: Strip prefix, compute sha256 HMAC, compare securely [OK]
Common Mistakes:
  • Comparing full header string including prefix
  • Using wrong hash algorithm like md5
  • Comparing base64 with hex digest
  • Not using timing-safe comparison
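
The three solution steps and the mistakes listed above, as one verifier. This is an added example, not code from the original quiz. The names verify_signature, sign, SECRET and PAYLOAD are assumptions, and the secret and payload are constructed sample values.

```python
import hashlib
import hmac
from typing import Optional

PREFIX = "sha256="  # header format from the question: 'sha256=<hex digest>'

# Constructed sample values for the demo; a real secret comes from configuration.
SECRET = b"constructed-test-secret"
PAYLOAD = b'{"event":"order.created","id":42}'


def sign(secret: bytes, payload: bytes) -> str:
    """Build the header value a sender would attach (used here to make sample input)."""
    return PREFIX + hmac.new(secret, payload, hashlib.sha256).hexdigest()


def verify_signature(secret: bytes, payload: bytes, header: Optional[str]) -> bool:
    """Return True only if header carries a valid HMAC-SHA256 of the raw payload bytes."""
    # Step 1: parse the header; reject a missing header or a different prefix.
    if not header or not header.startswith(PREFIX):
        return False
    try:
        received = bytes.fromhex(header[len(PREFIX):])
    except ValueError:
        # Not a hex string (for example a base64 value, or an odd number of digits).
        return False
    # Step 2: compute the HMAC over the exact bytes received, before any JSON parsing.
    expected = hmac.new(secret, payload, hashlib.sha256).digest()
    # Step 3: timing-safe comparison; '==' can leak how many leading bytes matched.
    return hmac.compare_digest(expected, received)


if __name__ == "__main__":
    good = sign(SECRET, PAYLOAD)
    md5_header = PREFIX + hmac.new(SECRET, PAYLOAD, hashlib.md5).hexdigest()
    print("valid header:      ", verify_signature(SECRET, PAYLOAD, good))
    print("tampered payload:  ", verify_signature(SECRET, PAYLOAD + b" ", good))
    print("prefix missing:    ", verify_signature(SECRET, PAYLOAD, good[len(PREFIX):]))
    print("md5 instead of sha:", verify_signature(SECRET, PAYLOAD, md5_header))
    print("header absent:     ", verify_signature(SECRET, PAYLOAD, None))
```

Pass the request body exactly as received: re-serialising parsed JSON can change the bytes and make a valid signature fail.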
