Securing webhooks needs C# example

[scattered-code]

You can include this:

private string ComputeSignature(string stringToSign)
{
    var secret = "Webhook Signing Key";
    using (var hmac = new HMACSHA256(Encoding.ASCII.GetBytes(secret)))
    {
        var signature = hmac.ComputeHash(Encoding.ASCII.GetBytes(stringToSign));
        return BitConverter.ToString(signature).Replace("-", "");
    }
}

var digest = ComputeSignature(emailEvent.Signature.Timestamp + emailEvent.Signature.Token);
if (digest.Equals(emailEvent.Signature.Signature, StringComparison.OrdinalIgnoreCase))
    ... //signature valid