Skip to main content
Version: /v2

Webhook Verification - API

VideoSdk signs the webhook events it sends to your endpoints by including a signature in each event’s videosdk-signature header. This allows you to verify that the events were sent by VideoSdk and not by a third party. You can verify signatures by following these steps.


Public key

Our RSA public key is available at You can obtain it by making a GET request to this endpoint.


Every request will have a custom videosdk-signature header. This header is a signature that is based on the "RSA-SHA256" hash of the request body. You can calculate the signature on your own and compare it with the value given in the header. If the two values are equal, you can safely consider that this request originated from VideoSdk.

Sample code

Webhook Verification
const crypto = require('crypto');
const publicKey = ``'/webhook', (req, res) => {
const signature = req.headers['videosdk-signature'];
const body = req.body;

const isVerified = crypto.verify(
Buffer.from(signature, 'base64')

if (isVerified) {
// your operations

Got a Question? Ask us on discord