This page covers verification of payloads from vehicles. Please see our callback verification section for information on how to initially verify your callback uri.
Verify webhook payloads against the SC-Signature header and a SHA-256 based HMAC generated by hashing your application_management_token and the body.
Our backend SDKs have helper methods that return true if the payload is good.
    Smartcar.verify_payload(
        {application_management_token},
        {SC-Signature}, 
        {webhook_body}
    )