| Name | Type | Description |
|---|---|---|
payload* | bytes | Raw request body bytes (do not decode-then-encode ā must be byte-identical to what Parallel signed). |
webhook_id* | str | Value of the |
webhook_timestamp* | str | Value of the |
webhook_signature* | str | Value of the |
secret* | str | |
tolerance_seconds | int | Default: _DEFAULT_WEBHOOK_TOLERANCE_SECONDS |
Verify a Parallel webhook signature (Standard Webhooks scheme).
Parallel signs webhook payloads using HMAC-SHA256 over
"<webhook-id>.<webhook-timestamp>.<body>", base64-encoded
with padding. The signature is delivered as the webhook-signature
header (possibly with multiple space-delimited v1,<sig> entries).
See https://docs.parallel.ai/resources/webhook-setup.
The verification flow is:
tolerance_seconds from now
(replay protection).v1,<sig> entry in the header.Your webhook signing secret (from the Parallel dashboard).
Reject signatures whose timestamp differs from
time.time() by more than this many seconds. Defaults to 5
minutes (the Standard Webhooks recommendation).