Skip to content

fix: correct webhook signature verification to use standard base64#88

Merged
sitole merged 1 commit into
mainfrom
fix/webhook-signature-verification
Jan 28, 2026
Merged

fix: correct webhook signature verification to use standard base64#88
sitole merged 1 commit into
mainfrom
fix/webhook-signature-verification

Conversation

@sitole

@sitole sitole commented Jan 28, 2026

Copy link
Copy Markdown
Member

Remove URL-safe base64 character replacements from signature verification code examples.
E2B webhooks send standard base64 signatures (with + and / characters).


Note

Updates webhook verification examples to match standard base64 signatures from E2B.

  • JS/TS, Python, and Go snippets now compare signatures using standard base64 and only strip = padding (no URL-safe +// replacements)
  • Changes confined to docs/sandbox/lifecycle-events-webhooks.mdx

Written by Cursor Bugbot for commit d169027. This will update automatically on new commits. Configure here.

Remove URL-safe base64 character replacements (+/- and /_) from signature
verification code examples. E2B webhooks send standard base64 signatures
(with + and / characters), not URL-safe base64 as previously documented.

Updated verification code in JavaScript, Python, and Go to match actual
E2B webhook signature format by only removing padding (=) characters.

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR fixes webhook signature verification examples to use standard base64 encoding instead of URL-safe base64. The E2B webhook service sends signatures using standard base64 format (with + and / characters), so the verification code examples were incorrectly performing URL-safe character replacements that would cause signature validation to fail.

Changes:

  • Removed incorrect URL-safe base64 character replacements (+ to - and / to _) from signature verification examples
  • Retained padding character (=) removal which is still necessary for comparison

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@sitole
sitole merged commit 8bf0d3a into main Jan 28, 2026
4 checks passed
@sitole
sitole deleted the fix/webhook-signature-verification branch January 28, 2026 16:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants