
# Verify event signature

> Secure transmission using the event signature header

Imprint provides signed webhooks to ensure authenticity and verify that the webhook requests originate from our servers. You'll receive a unique event signing token while enrolling in event notifications, and each event request includes a signature in the `X-IMPRINT-HMAC-SIGNATURE` header.

## Header Format

The `X-IMPRINT-HMAC-SIGNATURE` header consists of two parts:

* **Timestamp (`t`)** – the time the request was sent, represented as milliseconds since January 1, 1970 (Unix epoch).

* **Signature (`s`)** – the cryptographic hash used to verify the request.

These values are separated by a comma, as shown in the example below:

```plaintext
t=1740779129,s=d3d12f37e9ccb686313322da672c3dbc19176d2bfbd29f987923b5784cd6ae7d
```

## Verify signature

<Steps>
  <Step title="Extract the timestamp and signature">
    * Split the `X-IMPRINT-HMAC-SIGNATURE` header at the comma (`,`), which separates the timestamp and signature.

    * Then, split each part at the equals sign (`=`) to extract the respective values.
  </Step>

  <Step title="Construct the message to sign">
    * Concatenate the timestamp, a period (`.`), and the raw POST body as a string. For example, if the raw POST body is:

    ```json
    {"hello": "world", "amount": 5000}
    ```

    and the timestamp is `1723493048949`, the message to sign would be:

    ```
    1723493048949.{"amount":5000,"hello":"world"}
    ```
  </Step>

  <Step title="Compute the expected signature">
    * Use the signing token you were provided during event enrollment (hashed with SHA-256) to generate a Hash-based Message Authentication Code (HMAC).

    * Apply HMAC using the SHA-256 algorithm to the message created in Step 2.
  </Step>

  <Step title="Compare signatures">
    * Compare the computed signature with the `s` value from the `X-IMPRINT-HMAC-SIGNATURE` header.

    * If they match, the request is authentic and was sent by Imprint.
  </Step>
</Steps>
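The four steps above as a receiver-side check, added here as an example and not Imprint's own code. The function names are hypothetical; it assumes the signing token is used as UTF-8 bytes for the HMAC key (the hypothetical `hash_token` switch covers the other reading of "hashed with SHA-256") and that the signature is hex encoded, and the `max_age_ms` freshness window is an addition the steps do not describe.

```python
import hashlib
import hmac
import time


def parse_signature_header(value):
    """Step 1: split 't=<ms>,s=<hex>' into (timestamp, signature)."""
    fields = {}
    for part in value.split(","):
        key, sep, val = part.strip().partition("=")
        if not sep or key in fields:
            raise ValueError("malformed signature header")
        fields[key] = val
    if set(fields) != {"t", "s"} or not fields["t"].isdigit():
        raise ValueError("malformed signature header")
    return fields["t"], fields["s"]


def verify_event(header_value, raw_body, signing_token, *,
                 hash_token=False, max_age_ms=None, now_ms=None):
    """Return True only if the header signature matches raw_body (bytes)."""
    try:
        timestamp, received = parse_signature_header(header_value)
    except ValueError:
        return False
    key = signing_token.encode()
    if hash_token:  # alternative reading of "(hashed with SHA-256)"
        key = hashlib.sha256(key).digest()
    # Step 2: sign the bytes exactly as received, never re-serialized JSON.
    message = timestamp.encode() + b"." + raw_body
    # Step 3: HMAC-SHA256, hex encoded like the header example.
    expected = hmac.new(key, message, hashlib.sha256).hexdigest()
    # Step 4: constant-time comparison avoids leaking matching prefixes.
    if not hmac.compare_digest(expected.encode(), received.lower().encode()):
        return False
    if max_age_ms is not None:  # added freshness check, not from the page
        now = int(time.time() * 1000) if now_ms is None else now_ms
        return abs(now - int(timestamp)) <= max_age_ms
    return True


if __name__ == "__main__":
    token = "constructed-signing-token"  # constructed sample values
    body = b'{"hello": "world", "amount": 5000}'
    ts = "1723493048949"
    sig = hmac.new(token.encode(), f"{ts}.".encode() + body, hashlib.sha256).hexdigest()
    print(verify_event(f"t={ts},s={sig}", body, token))         # genuine
    print(verify_event(f"t={ts},s={sig}", body + b" ", token))  # tampered
```

Pass the request body as the bytes read from the socket or framework before any JSON parsing, since a single changed byte of whitespace invalidates the signature.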
