application/json, with the event payload as JSON in the request body. We also send the following headers:
X-Snyk-Eventthe name of the event and the version of the payload, such as
X-Snyk-Transport-IDa GUID to identify this delivery
X-Snyk-Timestampan ISO 8601 timestamp for when the event occurred, e.g.
X-Hub-Signaturethe HMAC hex digest of the request body which is used to secure your webhooks and ensure the request did indeed come from Snyk
User-Agentidentifies the origin of the request, e.g.
X-Hub-Signatureheader, which contains the hash signature for the transport. The signature is a HMAC hexdigest of the request body, generated using sha256 and your secret as the HMAC key.
X-Snyk-Eventheader. For example,
project_snapshot/v0indicates that the payload is v0 of the