Webhook Event Verification? Vapi AI #support

Webhook Event Verification?

statusnow

06/28/2025, 5:43 PM

Hello! I didn't see it in the documentation anywhere, but how do you verify that webhooks events that POST to your server are actually sent from Vapi? For example with Zoom, the Zoom API sends a header with each request you can use to verify the header of the POST request. https://developers.zoom.us/docs/api/webhooks/#verify-webhook-events I didn't see any verification in the node server example git repo either.

statusnow

06/29/2025, 12:38 AM

Nevermind, I found this page: https://docs.vapi.ai/server-url/server-authentication However the keys page referenecd in oauth 2 section, https://docs.vapi.ai/server-url/server-authentication#oauth2-authentication, goes to a broken link. I think I found it in https://dashboard.vapi.ai/settings/integrations and see the HMAC authentication

Kings Big

07/01/2025, 5:27 AM

Hi statusnow, To verify that webhook events are sent from Vapi, you can use secret token authentication. Vapi includes a secret token in the

X-Vapi-Signature

header of each request. You can configure your server to check for this token to ensure the request is from Vapi. Here's a sample configuration for secret token authentication:

Copy code

json
{
  "server": {
    "url": "https://your-server.com/webhook",
    "secret": "your-secret-token"
  }
}

Make sure your server checks the

X-Vapi-Signature

header value against the secret token you have set [here](https://docs.vapi.ai/server-url/server-authentication).

Previous Next