Translation pending — read in English.
Voir la référence API →Translation pending — read in English.
Translation pending — read in English.
Translation pending — read in English.
Translation pending — read in English.
http
X-GA-Webhook-Delivery: <uuid> X-GA-Webhook-Timestamp: 2026-05-28T12:03:11Z X-GA-Webhook-Signature: sha256=<hex(hmac(secret, rawBody))> Content-Type: application/json
Translation pending — read in English.
js
const crypto = require("crypto");
function verify(rawBody, headerSig, secret) {
const expected =
"sha256=" + crypto.createHmac("sha256", secret)
.update(rawBody)
.digest("hex");
return crypto.timingSafeEqual(
Buffer.from(expected),
Buffer.from(headerSig),
);
}Translation pending — read in English.
py
import hmac, hashlib
def verify(raw_body: bytes, header_sig: str, secret: str) -> bool:
expected = "sha256=" + hmac.new(
secret.encode("utf-8"),
raw_body,
hashlib.sha256,
).hexdigest()
return hmac.compare_digest(expected, header_sig)Translation pending — read in English.
Translation pending — read in English.
bash
Day 0 : primary=A secondary=(none) Day T : rotate -> primary=B secondary=A (72h grace window) Day T+72h: window closes -> primary=B secondary=(none) During the grace window every delivery is signed twice with both A and B (in separate X-GA-Webhook-Signature- headers). Receivers may accept either.
Translation pending — read in English.
Translation pending — read in English.
| Translation pending — read in English. | Translation pending — read in English. |
|---|---|
| 1 | immediate |
| 2 | 1s |
| 3 | 5s |
| 4 | 25s |
| 5 | 125s (~2m) |
| 6 | give up + mark failed |
Translation pending — read in English.
Translation pending — read in English.
bash
curl -X POST \ -H "Authorization: Bearer gaf_pk_<your-token>" \ -H "X-Org-Id: <your-organization-uuid>" \ https://api.gaflight.io/api/v1/public/events/evt_01HZ.../replay
Translation pending — read in English.
Translation pending — read in English.