Webhook validation

Does anyone have an example of validating the signature of a webhook? The documentation is very limited. I’ve been able to successfully create the webhooks and am receiving the data, but am struggling with the HMAC validation of the signature.

I’m currently writing this in Golang, but any examples would help.

package bitmovin

import (






var SignitureHeader = "Bitmovin-Signature"

func SignatureValidation(payload string, verify string) (bool) {

secret := os.Getenv("BITMOVIN_HOOK_SCERET")

return checkHash(secret, payload, verify)


func computeHash(secret []byte, payload []byte) string {

mac := hmac.New(sha512.New, secret)


hex := hex.EncodeToString(mac.Sum(nil))

return hex


func checkHash(secret string, payload string, verify string) bool {

return hmac.Equal([]byte(verify), []byte(computeHash([]byte(secret), []byte(payload))))


Verify is the Bitmovin-Signature and the payload is the body of the request.