Stripe webhook signature scheme: Stripe-Signature: t=<ts>,v1=<hex>,...
where v1 = HMAC-SHA256(signingSecret, ${t}.${rawBody}). Verification MUST
run over the exact raw body bytes; the timestamp tolerance prevents replay.
Several signing secrets may be active at once (rotation) — any match wins.
Stripe webhook signature scheme:
Stripe-Signature: t=<ts>,v1=<hex>,...where v1 = HMAC-SHA256(signingSecret,${t}.${rawBody}). Verification MUST run over the exact raw body bytes; the timestamp tolerance prevents replay. Several signing secrets may be active at once (rotation) — any match wins.