Secure Your Outbound Webhooks with HMAC Signatures
All Quiet now supports HMAC-SHA256 request signing for outbound webhooks. This update allows your receiving services to verify that every delivery is authentic and untampered.
Published: Friday, 10 April 2026
All Quiet now supports HMAC-SHA256 request signing for outbound webhooks. This update allows your receiving services to verify that every delivery is authentic and untampered.
By signing the raw request body with a shared secret, we ensure your integrations remain secure at the edge, whether you use API gateways, serverless workers, or custom ingestion services.
Signing Options
We provide two formats to match your existing infrastructure:
| Format | Description |
|---|---|
| All Quiet Signature | Uses a standard HMAC-SHA256 hash of the raw request body for native integrations. |
| Amazon Signature | Uses an Amazon-compatible HMAC variant for tools expecting AWS-style verification. |
Key Security Benefits
- Verify Authenticity: Confirm that the webhook originated from All Quiet.
- Ensure Integrity: Detect if a third party altered the payload during transit.
- Prevent Spoofing: Block unauthorized requests before they reach your internal logic.
You can configure these signatures within your integrations settings. For technical details on implementation, visit our documentation.
More updates
-
Simplified JSON Payload Mapping with \\\\
We’ve introduced the Expand key for payload mapping, making it easier to turn complex JSON blobs into individual incident attributes.
-
New Date Filter for Incident List
Data Precision with Date Filters Filter your incidents by specific date ranges to focus on the exact window you need. This tool helps teams analyze incident bursts and validate reporting periods.
Product
Solutions
Compare
Resources
