X-square-signature or x-square-hmacsha256-signature for Webhook signature

Does anybody know what is the correct header name?

The docs say x-square-hmacsha256-signature but the Sandbox log shows x-square-signature?


Hey there! :wave: Either of those headers should work, although we recommend using the hmacsha256 one since it’s more secure. We’re currently doing some work to have both headers show in the logs — sorry for the confusion!

1 Like

Small update here: API Logs should now show both headers! :tada:

1 Like