Each event payload is a JSON object with properties event and data objects. The event object holds the event, and the data property holds a representation of the resource at the time the event was issued.
Each webhook HTTP request includes a X-Rootly-Signature header, used to verify the request came from Rootly. The signature header contains a timestamp prefixed with t= and a signature prefixed with v= .
To verify the request, concatenate the timestamp with the request body and generate a SHA256 HMAC digest using the webhook secret available in the webhook configuration. The HMAC digest should match the provided signature.