Authorization and Security

Every webhook event sent to your URL contains two headers.

  • x-prembly-signature: This is a base64 encoding of your public key
  • token: This is a unique verification reference generated by Identitypass

Note: these two headers can be used to verify that the data coming to the endpoint are from our system and we also recommend you verify the host of every request and make sure it is coming from our API BASE URL.