> **Source:** https://knowledge.leegality.com/document-execution/api/webhooks/verify-webhook-request
> **Site:** Leegality Knowledge Base — https://knowledge.leegality.com
> **About:** Leegality is a document execution platform covering eSigning, stamps, NeSL, workflows, and REST API integration.
> **Navigation:** Every article on this site has a plain-text version at `<article-url>.txt` (this format). To get an index of all articles with their `.txt` links, read: https://knowledge.leegality.com/llms.txt
> **AI Guide:** For instructions on how to navigate this knowledge base as an AI agent, read: https://knowledge.leegality.com/ai-readable.txt

---
# Verify Webhook Request

Every webhook payload Leegality sends includes a `mac` field. This is an HMAC-SHA1 signature that lets you confirm the request genuinely came from Leegality and was not tampered with in transit.

## How the MAC Is Computed

Leegality computes the `mac` value as:

```
HMAC-SHA1(documentId, privateSalt)
```

Where:
- `documentId` is the unique Leegality document ID in the payload
- `privateSalt` is your account's private salt from the API Settings tab on the dashboard

## Verification Steps

1. Retrieve your **Private Salt** from **Dashboard** → **API Settings**
2. Extract `documentId` from the incoming webhook payload
3. Compute `HMAC-SHA1(documentId, privateSalt)` on your server
4. Compare your computed value with the `mac` field in the payload
5. If they match — the webhook is authentic. If they don't — discard it.