WEDNESDAY, JULY 8, 2026 48° E  /  GLOBAL TECH · SUMMARISED SUBSCRIBE
AI, business, devices, policy — global tech, summarised every 30 minutes.
Dev Tools · 1h ago

HubSpot Webhook Signatures: How to Verify v3 Correctly

By Meridian48 News Desk · Summarised from DEV Community ·

HubSpot has shipped three webhook signature schemes, with v3 being the recommended one. v3 uses HMAC-SHA256 over the method, full URI, raw body, and timestamp, with Base64 encoding. Common mistakes include re-serializing JSON, not normalizing the URI, and comparing hex to Base64.

Meridian48 take
The post is a practical guide, but the real takeaway is that HubSpot's legacy v1 and v2 schemes lack replay protection, making v3 essential for secure integrations.
Read the full reporting
How to Verify HubSpot Webhook Signatures (v1, v2, and the v3 You Should Actually Use) →
DEV Community
hubspotwebhook-security
More dev tools briefs
Go deeper on dev tools
AllAIStartupsBusinessDevicesPolicySecurityDev ToolsPakistan