Validating requests from HubSpot

To ensure that the requests that your integration is receiving from HubSpot are actually coming from HubSpot, we populate two headers: X-HubSpot-Signature and X-HubSpot-Signature-Version.

The X-HubSpot-Signature header will contain the signature that will need to be verified. The method used to verify the signature will depend on the version of the signature.

The X-HubSpot-Signature-Version header will contain a version number, i.e. v2, that will indicate which method should be used to verify the signature included in X-HubSpot-Signature.

See the documentation pages below for details on verifying the different versions of the signature.

Validating the v1 request signature
Validating the v2 request signature