# `Codat.Webhooks.Plug`
[🔗](https://github.com/iamkanishka/codat.git/blob/v1.0.0/lib/codat/webhooks/plug.ex#L1)

A `Plug` that handles incoming Codat webhook events.

Reads and caches the raw request body, verifies the Svix HMAC signature,
decodes JSON, and dispatches to your `Codat.Webhooks.Handler` implementation.

## Setup in Phoenix

    forward "/webhooks/codat", Codat.Webhooks.Plug,
      secret: System.get_env("CODAT_WEBHOOK_SECRET"),
      handler: MyApp.CodatWebhookHandler

## Options

- `:secret` (**required**) — your `whsec_...` signing secret
- `:handler` (**required**) — module implementing `Codat.Webhooks.Handler`
- `:path` — only handle requests matching this path
- `:tolerance` — max webhook age in seconds (default: 300)
- `:halt_on_error` — return 500 on handler errors (default: false)
- `:log_level` — log level for events (default: `:info`)
- `:raw_body_key` — private key where raw body is cached (default: `:raw_body`)

---

*Consult [api-reference.md](api-reference.md) for complete listing*