Coinbase Developer Documentation home page
Search...
⌘K
Ask AI
Get help
Dev portal
Dev portal
Search...
Navigation
API Architecture
Commerce API Webhooks Security
Docs
API Reference
SDKs
GET STARTED
Home
Quickstart
Use AI Tooling
Supported Networks
Authentication
Demo Apps
CDP Portal
Changelog
WALLETS
Comparing Our Wallet Products
Server Wallet
v2
Server Wallet
v1
Embedded Wallet
PAYMENTS
Send & Receive
Onramp & Offramp
x402
TRADING
Trade API
Beta
BASE TOOLS
Base Account
Paymaster
Appchains
Onchainkit
DATA
Introduction
Node
Address History
Token Balances
Beta
Webhooks
Alpha
Smart Contract Events
Verifications
AI
AgentKit
STAKING
Staking API
Staking Delegation Guides
FAUCET
Using Faucets
CONSUMER APIS
Coinbase App
Coinbase Wallet
Coinbase Mesh
BUSINESS APIS
Coinbase Business
Coinbase Commerce
Welcome
Getting Started
Quickstart
Crypto Payments
Payment Status
Not a Developer?
API Reference
USDC Payment Button
Accepting Payment
Integrations
API Architecture
Webhooks Overview
Webhooks Security
Webhooks Fields and Events
Release Notes
INSTITUTIONAL APIS
Overview
Coinbase Exchange
Coinbase International Exchange
Coinbase Prime
Coinbase Derivatives
API Architecture
Commerce API Webhooks Security
Copy page
Copy page
Every Commerce webhook request includes an
X-CC-WEBHOOK-SIGNATURE
header. This header contains the SHA256 HMAC signature of the raw request payload, computed using your webhook shared secret as the key.
Get your shared webhook secret under
Settings > Notifications
.
Verify the webhook signature before acting on it inside your system.
Refer to the
Coinbase Commerce Ruby reference implementation
.
See Also:
Using Webhooks
Webhook Fields and Events
Was this page helpful?
Yes
No
Commerce API Webhooks Overview
Previous
Commerce API Webhooks Fields and Events
Next
Assistant
Responses are generated using AI and may contain mistakes.