June Updates
New Features
Webhook HMAC Signature Verification
We’ve added support for HMAC-SHA256 signatures to further secure your webhook integrations. Here’s what’s new:
-
Signed Webhooks: When you provide an
auth_token
during webhook registration, Method now includes amethod-webhook-signature
header on each webhook request. This signature is an HMAC-SHA256 digest, computed using yourauth_token
as the shared secret and the message format${method-webhook-timestamp}:${raw_payload}
. -
Timestamp Header: Every webhook request now includes a
method-webhook-timestamp
header (UNIX timestamp in seconds), allowing you to validate the freshness of requests and prevent replay attacks. -
Verification: You can verify the webhook by recreating the HMAC digest locally and comparing it using a timing-safe equality check.
For more information, please refer to the Webhook API.
Improvements
Connect API
-
Automatic Execution of Account Products and Subscriptions: You can now optionally include
products
andsubscriptions
arrays in the request body when creating aConnect
for an entity. These will automatically execute upon a successful connection. -
Expand Query Parameter: A new
expand
query parameter has been added to theConnect
object, allowing you to include additional properties within theaccounts
object.
Example Request
Example Request
For more information, please refer to the Connect API and Expanding Resources.
SDK Updates
- Released version 1.2.4 of
method-node
- Released version 1.2.4 of
method-python