# `DripDrop.Channels.Webhook.Signer`
[🔗](https://github.com/agoodway/dripdrop/blob/v0.1.0/lib/dripdrop/channels/webhook/signer.ex#L1)

Signature signing and verification per the Standard Webhooks spec.

This is a small re-implementation of the algorithm described at
<https://www.standardwebhooks.com/>, mirroring the public surface of the
upstream Elixir reference at
<https://github.com/standard-webhooks/standard-webhooks/tree/main/libraries/elixir>.

Vendored to remove a git-only dependency that blocked Hex publish.

# `sign`

```elixir
@spec sign(String.t(), integer(), map(), binary()) :: String.t()
```

Signs a payload and returns a `v1,<base64-signature>` header value.

  * `id` — webhook message id (string)
  * `timestamp` — unix seconds (integer)
  * `payload` — map; JSON-encoded internally
  * `secret` — raw HMAC secret bytes, OR a base64 string, OR a `whsec_<base64>` string

# `validate_timestamp`

```elixir
@spec validate_timestamp(integer()) :: :ok
```

Raises if `timestamp` is outside the 5-minute tolerance window. Returns `:ok`.

# `verify`

```elixir
@spec verify(map(), Plug.Conn.t(), binary()) :: boolean()
```

Verifies a payload against the signatures present on `conn`.

Reads `webhook-id`, `webhook-timestamp`, and `webhook-signature` headers and
returns `true` when at least one signature matches. Raises `ArgumentError`
when required headers are missing.

---

*Consult [api-reference.md](api-reference.md) for complete listing*