# HMAC Verification

We strongly recommend verifying each webhook request using [Hash-based Message Authentication Code](https://en.wikipedia.org/wiki/HMAC) (HMAC) signatures to protect your server from unauthorized webhook events. Each event will include a signature calculated using a secret HMAC key (provided to you on webhook configuration) and the payload from the webhook. Verifying this signature confirms that the webhook event was sent by Rentalcover and remained unaltered during transmission.

**Example code on how to validate HMAC signature.**

```php
<?php

// Provided to you when configuring webhook
$secret = 'Shared HMAC Key';

// Get the request body (payload)
$requestBody = file_get_contents('php://input');

// Get the HMAC signature sent in the header
$receivedHMAC = $_SERVER['HTTP_X_SIGNATURE'] ?? '';

// Calculate the expected HMAC using the shared secret and the payload sent
$calculatedHMAC = hash_hmac('sha256', $requestBody, $secret);

// Verify that the received signature matches the expected signature
if (hash_equals($calculatedHMAC, $receivedHMAC)) {
    // Signature is valid, process the webhook payload
    $data = json_decode($payload, true);
    // Handle the webhook data as needed
    http_response_code(200);
    echo 'Webhook verified and processed';
} else {
    // Invalid signature
    http_response_code(400);
    echo 'Invalid signature';
}
```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://partner-docs.covergenius.com/rentalcover/webhook/hmac-verification.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.