truelayer-signing 0.1.0

data/doc/js/searcher.js

@@ -0,0 +1,229 @@
+Searcher = function(data) {
+  this.data = data;
+  this.handlers = [];
+}
+
+Searcher.prototype = new function() {
+  // search is performed in chunks of 1000 for non-blocking user input
+  var CHUNK_SIZE = 1000;
+  // do not try to find more than 100 results
+  var MAX_RESULTS = 100;
+  var huid = 1;
+  var suid = 1;
+  var runs = 0;
+
+  this.find = function(query) {
+    var queries = splitQuery(query);
+    var regexps = buildRegexps(queries);
+    var highlighters = buildHilighters(queries);
+    var state = { from: 0, pass: 0, limit: MAX_RESULTS, n: suid++};
+    var _this = this;
+
+    this.currentSuid = state.n;
+
+    if (!query) return;
+
+    var run = function() {
+      // stop current search thread if new search started
+      if (state.n != _this.currentSuid) return;
+
+      var results =
+        performSearch(_this.data, regexps, queries, highlighters, state);
+      var hasMore = (state.limit > 0 && state.pass < 4);
+
+      triggerResults.call(_this, results, !hasMore);
+      if (hasMore) {
+        setTimeout(run, 2);
+      }
+      runs++;
+    };
+    runs = 0;
+
+    // start search thread
+    run();
+  }
+
+  /*  ----- Events ------  */
+  this.ready = function(fn) {
+    fn.huid = huid;
+    this.handlers.push(fn);
+  }
+
+  /*  ----- Utilities ------  */
+  function splitQuery(query) {
+    return query.split(/(\s+|::?|\(\)?)/).filter(function(string) {
+      return string.match(/\S/);
+    });
+  }
+
+  function buildRegexps(queries) {
+    return queries.map(function(query) {
+      return new RegExp(query.replace(/(.)/g, '([$1])([^$1]*?)'), 'i');
+    });
+  }
+
+  function buildHilighters(queries) {
+    return queries.map(function(query) {
+      return query.split('').map(function(l, i) {
+        return '\u0001$' + (i*2+1) + '\u0002$' + (i*2+2);
+      }).join('');
+    });
+  }
+
+  // function longMatchRegexp(index, longIndex, regexps) {
+  //     for (var i = regexps.length - 1; i >= 0; i--){
+  //         if (!index.match(regexps[i]) && !longIndex.match(regexps[i])) return false;
+  //     };
+  //     return true;
+  // }
+
+
+  /*  ----- Mathchers ------  */
+
+  /*
+   * This record matches if the index starts with queries[0] and the record
+   * matches all of the regexps
+   */
+  function matchPassBeginning(index, longIndex, queries, regexps) {
+    if (index.indexOf(queries[0]) != 0) return false;
+    for (var i=1, l = regexps.length; i < l; i++) {
+      if (!index.match(regexps[i]) && !longIndex.match(regexps[i]))
+        return false;
+    };
+    return true;
+  }
+
+  /*
+   * This record matches if the longIndex starts with queries[0] and the
+   * longIndex matches all of the regexps
+   */
+  function matchPassLongIndex(index, longIndex, queries, regexps) {
+    if (longIndex.indexOf(queries[0]) != 0) return false;
+    for (var i=1, l = regexps.length; i < l; i++) {
+      if (!longIndex.match(regexps[i]))
+        return false;
+    };
+    return true;
+  }
+
+  /*
+   * This record matches if the index contains queries[0] and the record
+   * matches all of the regexps
+   */
+  function matchPassContains(index, longIndex, queries, regexps) {
+    if (index.indexOf(queries[0]) == -1) return false;
+    for (var i=1, l = regexps.length; i < l; i++) {
+      if (!index.match(regexps[i]) && !longIndex.match(regexps[i]))
+        return false;
+    };
+    return true;
+  }
+
+  /*
+   * This record matches if regexps[0] matches the index and the record
+   * matches all of the regexps
+   */
+  function matchPassRegexp(index, longIndex, queries, regexps) {
+    if (!index.match(regexps[0])) return false;
+    for (var i=1, l = regexps.length; i < l; i++) {
+      if (!index.match(regexps[i]) && !longIndex.match(regexps[i]))
+        return false;
+    };
+    return true;
+  }
+
+
+  /*  ----- Highlighters ------  */
+  function highlightRegexp(info, queries, regexps, highlighters) {
+    var result = createResult(info);
+    for (var i=0, l = regexps.length; i < l; i++) {
+      result.title = result.title.replace(regexps[i], highlighters[i]);
+      result.namespace = result.namespace.replace(regexps[i], highlighters[i]);
+    };
+    return result;
+  }
+
+  function hltSubstring(string, pos, length) {
+    return string.substring(0, pos) + '\u0001' + string.substring(pos, pos + length) + '\u0002' + string.substring(pos + length);
+  }
+
+  function highlightQuery(info, queries, regexps, highlighters) {
+    var result = createResult(info);
+    var pos = 0;
+    var lcTitle = result.title.toLowerCase();
+
+    pos = lcTitle.indexOf(queries[0]);
+    if (pos != -1) {
+      result.title = hltSubstring(result.title, pos, queries[0].length);
+    }
+
+    result.namespace = result.namespace.replace(regexps[0], highlighters[0]);
+    for (var i=1, l = regexps.length; i < l; i++) {
+      result.title = result.title.replace(regexps[i], highlighters[i]);
+      result.namespace = result.namespace.replace(regexps[i], highlighters[i]);
+    };
+    return result;
+  }
+
+  function createResult(info) {
+    var result = {};
+    result.title = info[0];
+    result.namespace = info[1];
+    result.path = info[2];
+    result.params = info[3];
+    result.snippet = info[4];
+    result.badge = info[6];
+    return result;
+  }
+
+  /*  ----- Searching ------  */
+  function performSearch(data, regexps, queries, highlighters, state) {
+    var searchIndex = data.searchIndex;
+    var longSearchIndex = data.longSearchIndex;
+    var info = data.info;
+    var result = [];
+    var i = state.from;
+    var l = searchIndex.length;
+    var togo = CHUNK_SIZE;
+    var matchFunc, hltFunc;
+
+    while (state.pass < 4 && state.limit > 0 && togo > 0) {
+      if (state.pass == 0) {
+        matchFunc = matchPassBeginning;
+        hltFunc = highlightQuery;
+      } else if (state.pass == 1) {
+        matchFunc = matchPassLongIndex;
+        hltFunc = highlightQuery;
+      } else if (state.pass == 2) {
+        matchFunc = matchPassContains;
+        hltFunc = highlightQuery;
+      } else if (state.pass == 3) {
+        matchFunc = matchPassRegexp;
+        hltFunc = highlightRegexp;
+      }
+
+      for (; togo > 0 && i < l && state.limit > 0; i++, togo--) {
+        if (info[i].n == state.n) continue;
+        if (matchFunc(searchIndex[i], longSearchIndex[i], queries, regexps)) {
+          info[i].n = state.n;
+          result.push(hltFunc(info[i], queries, regexps, highlighters));
+          state.limit--;
+        }
+      };
+      if (searchIndex.length <= i) {
+        state.pass++;
+        i = state.from = 0;
+      } else {
+        state.from = i;
+      }
+    }
+    return result;
+  }
+
+  function triggerResults(results, isLast) {
+    this.handlers.forEach(function(fn) {
+      fn.call(this, results, isLast)
+    });
+  }
+}
+

data/doc/table_of_contents.html

@@ -0,0 +1,269 @@
+<!DOCTYPE html>
+
+<html>
+<head>
+<meta charset="UTF-8">
+
+<title>Table of Contents - RDoc Documentation</title>
+
+<script type="text/javascript">
+  var rdoc_rel_prefix = "./";
+  var index_rel_prefix = "./";
+</script>
+
+<script src="./js/navigation.js" defer></script>
+<script src="./js/search.js" defer></script>
+<script src="./js/search_index.js" defer></script>
+<script src="./js/searcher.js" defer></script>
+<script src="./js/darkfish.js" defer></script>
+
+<link href="./css/fonts.css" rel="stylesheet">
+<link href="./css/rdoc.css" rel="stylesheet">
+
+
+<body id="top" class="table-of-contents">
+<main role="main">
+<h1 class="class">Table of Contents - RDoc Documentation</h1>
+
+<h2 id="pages">Pages</h2>
+<ul>
+  <li class="file">
+    <a href="CHANGELOG_md.html">CHANGELOG</a>
+
+    <ul>
+      <li><a href="CHANGELOG_md.html#label-Changelog">Changelog</a>
+      <li><a href="CHANGELOG_md.html#label-5BUnreleased-5D">[Unreleased]</a>
+      <li><a href="CHANGELOG_md.html#label-5B0.1.0-5D+-E2-80-93+2023-01-09">[0.1.0] – 2023-01-09</a>
+    </ul>
+  </li>
+  <li class="file">
+    <a href="LICENSE-APACHE.html">LICENSE-APACHE</a>
+  </li>
+  <li class="file">
+    <a href="LICENSE-MIT.html">LICENSE-MIT</a>
+  </li>
+  <li class="file">
+    <a href="README_md.html">README</a>
+
+    <ul>
+      <li><a href="README_md.html#label-truelayer-signing">truelayer-signing</a>
+      <li><a href="README_md.html#label-Installation">Installation</a>
+      <li><a href="README_md.html#label-Configuration">Configuration</a>
+      <li><a href="README_md.html#label-Generating+a+signature">Generating a signature</a>
+      <li><a href="README_md.html#label-Verifying+webhooks">Verifying webhooks</a>
+      <li><a href="README_md.html#label-Testing">Testing</a>
+    </ul>
+  </li>
+  <li class="file">
+    <a href="Rakefile.html">Rakefile</a>
+  </li>
+  <li class="file">
+    <a href="examples/sign-request/Gemfile.html">Gemfile</a>
+  </li>
+  <li class="file">
+    <a href="examples/sign-request/Gemfile_lock.html">Gemfile.lock</a>
+  </li>
+  <li class="file">
+    <a href="examples/sign-request/README_md.html">README</a>
+
+    <ul>
+      <li><a href="examples/sign-request/README_md.html#label-Ruby+request+signature+example">Ruby request signature example</a>
+      <li><a href="examples/sign-request/README_md.html#label-Run">Run</a>
+    </ul>
+  </li>
+  <li class="file">
+    <a href="examples/webhook-server/Gemfile.html">Gemfile</a>
+  </li>
+  <li class="file">
+    <a href="examples/webhook-server/Gemfile_lock.html">Gemfile.lock</a>
+  </li>
+  <li class="file">
+    <a href="examples/webhook-server/README_md.html">README</a>
+
+    <ul>
+      <li><a href="examples/webhook-server/README_md.html#label-Ruby+webhook+server+example">Ruby webhook server example</a>
+      <li><a href="examples/webhook-server/README_md.html#label-Run">Run</a>
+    </ul>
+  </li>
+</ul>
+
+<h2 id="classes">Classes and Modules</h2>
+<ul>
+  <li class="module">
+    <a href="JWT.html">JWT</a>
+  </li>
+  <li class="class">
+    <a href="JWT/Decode.html">JWT::Decode</a>
+  </li>
+  <li class="class">
+    <a href="JWT/Encode.html">JWT::Encode</a>
+  </li>
+  <li class="module">
+    <a href="JWT/JWK.html">JWT::JWK</a>
+  </li>
+  <li class="class">
+    <a href="JWT/JWK/EC.html">JWT::JWK::EC</a>
+  </li>
+  <li class="module">
+    <a href="TrueLayerSigning.html">TrueLayerSigning</a>
+  </li>
+  <li class="class">
+    <a href="TrueLayerSigning/Config.html">TrueLayerSigning::Config</a>
+  </li>
+  <li class="class">
+    <a href="TrueLayerSigning/Error.html">TrueLayerSigning::Error</a>
+  </li>
+  <li class="class">
+    <a href="TrueLayerSigning/JwsBase.html">TrueLayerSigning::JwsBase</a>
+  </li>
+  <li class="class">
+    <a href="TrueLayerSigning/JwsHeader.html">TrueLayerSigning::JwsHeader</a>
+  </li>
+  <li class="class">
+    <a href="TrueLayerSigning/Signer.html">TrueLayerSigning::Signer</a>
+  </li>
+  <li class="class">
+    <a href="TrueLayerSigning/Verifier.html">TrueLayerSigning::Verifier</a>
+  </li>
+  <li class="class">
+    <a href="TrueLayerSigningExamples.html">TrueLayerSigningExamples</a>
+  </li>
+</ul>
+
+<h2 id="methods">Methods</h2>
+<ul>
+
+  <li class="method">
+    <a href="TrueLayerSigning.html#method-c-extract_jws_header">::extract_jws_header</a>
+    &mdash;
+    <span class="container">TrueLayerSigning</span>
+
+  <li class="method">
+    <a href="TrueLayerSigning/Verifier.html#method-c-new">::new</a>
+    &mdash;
+    <span class="container">TrueLayerSigning::Verifier</span>
+
+  <li class="method">
+    <a href="TrueLayerSigning/Config.html#method-c-new">::new</a>
+    &mdash;
+    <span class="container">TrueLayerSigning::Config</span>
+
+  <li class="method">
+    <a href="TrueLayerSigning/JwsHeader.html#method-c-new">::new</a>
+    &mdash;
+    <span class="container">TrueLayerSigning::JwsHeader</span>
+
+  <li class="method">
+    <a href="TrueLayerSigning/JwsBase.html#method-c-new">::new</a>
+    &mdash;
+    <span class="container">TrueLayerSigning::JwsBase</span>
+
+  <li class="method">
+    <a href="TrueLayerSigning/Verifier.html#method-c-parse_tl_signature">::parse_tl_signature</a>
+    &mdash;
+    <span class="container">TrueLayerSigning::Verifier</span>
+
+  <li class="method">
+    <a href="TrueLayerSigningExamples.html#method-c-run_webhook_server">::run_webhook_server</a>
+    &mdash;
+    <span class="container">TrueLayerSigningExamples</span>
+
+  <li class="method">
+    <a href="TrueLayerSigning/Config.html#method-c-setup">::setup</a>
+    &mdash;
+    <span class="container">TrueLayerSigning::Config</span>
+
+  <li class="method">
+    <a href="TrueLayerSigning.html#method-c-sign_with_pem">::sign_with_pem</a>
+    &mdash;
+    <span class="container">TrueLayerSigning</span>
+
+  <li class="method">
+    <a href="TrueLayerSigningExamples.html#method-c-test_signature_endpoint">::test_signature_endpoint</a>
+    &mdash;
+    <span class="container">TrueLayerSigningExamples</span>
+
+  <li class="method">
+    <a href="TrueLayerSigning.html#method-c-verify_with_jwks">::verify_with_jwks</a>
+    &mdash;
+    <span class="container">TrueLayerSigning</span>
+
+  <li class="method">
+    <a href="TrueLayerSigning.html#method-c-verify_with_pem">::verify_with_pem</a>
+    &mdash;
+    <span class="container">TrueLayerSigning</span>
+
+  <li class="method">
+    <a href="TrueLayerSigning/JwsBase.html#method-i-add_header">#add_header</a>
+    &mdash;
+    <span class="container">TrueLayerSigning::JwsBase</span>
+
+  <li class="method">
+    <a href="JWT/JWK/EC.html#method-i-create_ec_key">#create_ec_key</a>
+    &mdash;
+    <span class="container">JWT::JWK::EC</span>
+
+  <li class="method">
+    <a href="TrueLayerSigning/JwsHeader.html#method-i-filter_headers">#filter_headers</a>
+    &mdash;
+    <span class="container">TrueLayerSigning::JwsHeader</span>
+
+  <li class="method">
+    <a href="TrueLayerSigning/Verifier.html#method-i-require_header">#require_header</a>
+    &mdash;
+    <span class="container">TrueLayerSigning::Verifier</span>
+
+  <li class="method">
+    <a href="TrueLayerSigning/Verifier.html#method-i-require_headers">#require_headers</a>
+    &mdash;
+    <span class="container">TrueLayerSigning::Verifier</span>
+
+  <li class="method">
+    <a href="TrueLayerSigning/JwsBase.html#method-i-set_body">#set_body</a>
+    &mdash;
+    <span class="container">TrueLayerSigning::JwsBase</span>
+
+  <li class="method">
+    <a href="TrueLayerSigning/JwsBase.html#method-i-set_headers">#set_headers</a>
+    &mdash;
+    <span class="container">TrueLayerSigning::JwsBase</span>
+
+  <li class="method">
+    <a href="TrueLayerSigning/Signer.html#method-i-set_jku">#set_jku</a>
+    &mdash;
+    <span class="container">TrueLayerSigning::Signer</span>
+
+  <li class="method">
+    <a href="TrueLayerSigning/JwsBase.html#method-i-set_method">#set_method</a>
+    &mdash;
+    <span class="container">TrueLayerSigning::JwsBase</span>
+
+  <li class="method">
+    <a href="TrueLayerSigning/JwsBase.html#method-i-set_path">#set_path</a>
+    &mdash;
+    <span class="container">TrueLayerSigning::JwsBase</span>
+
+  <li class="method">
+    <a href="TrueLayerSigning/Signer.html#method-i-sign">#sign</a>
+    &mdash;
+    <span class="container">TrueLayerSigning::Signer</span>
+
+  <li class="method">
+    <a href="TrueLayerSigning/JwsHeader.html#method-i-to_h">#to_h</a>
+    &mdash;
+    <span class="container">TrueLayerSigning::JwsHeader</span>
+
+  <li class="method">
+    <a href="TrueLayerSigning/Verifier.html#method-i-verify">#verify</a>
+    &mdash;
+    <span class="container">TrueLayerSigning::Verifier</span>
+</ul>
+</main>
+
+
+<footer id="validator-badges" role="contentinfo">
+  <p><a href="https://validator.w3.org/check/referer">Validate</a>
+  <p>Generated by <a href="https://ruby.github.io/rdoc/">RDoc</a> 6.5.0.
+  <p>Based on <a href="http://deveiate.org/projects/Darkfish-RDoc/">Darkfish</a> by <a href="http://deveiate.org">Michael Granger</a>.
+</footer>
+

data/examples/sign-request/Gemfile

@@ -0,0 +1,4 @@
+source "https://rubygems.org"
+
+gem "http"
+gem "truelayer-signing"

data/examples/sign-request/Gemfile.lock

@@ -0,0 +1,41 @@
+GEM
+  remote: https://rubygems.org/
+  specs:
+    addressable (2.8.1)
+      public_suffix (>= 2.0.2, < 6.0)
+    domain_name (0.5.20190701)
+      unf (>= 0.0.5, < 1.0.0)
+    ffi (1.15.5)
+    ffi-compiler (1.0.1)
+      ffi (>= 1.0.0)
+      rake
+    http (5.1.1)
+      addressable (~> 2.8)
+      http-cookie (~> 1.0)
+      http-form_data (~> 2.2)
+      llhttp-ffi (~> 0.4.0)
+    http-cookie (1.0.5)
+      domain_name (~> 0.5)
+    http-form_data (2.3.0)
+    jwt (2.6.0)
+    llhttp-ffi (0.4.0)
+      ffi-compiler (~> 1.0)
+      rake (~> 13.0)
+    public_suffix (5.0.1)
+    rake (13.0.6)
+    truelayer-signing (0.1.0)
+      jwt (= 2.6)
+    unf (0.1.4)
+      unf_ext
+    unf_ext (0.0.8.2)
+
+PLATFORMS
+  arm64-darwin-21
+  ruby
+
+DEPENDENCIES
+  http
+  truelayer-signing
+
+BUNDLED WITH
+   2.4.1

data/examples/sign-request/README.md

@@ -0,0 +1,27 @@
+# Ruby request signature example
+
+Sends a signed request to `https://api.truelayer-sandbox.com/test-signature`.
+
+## Run
+
+Set the following environment variables:
+
+* `TRUELAYER_SIGNING_ACCESS_TOKEN` – a valid JWT access token for the `payments` scope (see our
+    [docs](https://docs.truelayer.com/docs/retrieve-a-token-in-your-server)).
+* `TRUELAYER_SIGNING_CERTIFICATE_ID` – the certificate/key UUID associated with your public key
+    uploaded at [console.truelayer.com](https://console.truelayer.com).
+* `TRUELAYER_SIGNING_PRIVATE_KEY` – the private key PEM string that matches the certificate ID of the
+    uploaded public key. Should have the same format as [this example private
+    key](https://github.com/TrueLayer/truelayer-signing/blob/main/test-resources/ec512-private.pem).
+
+Install the required dependencies:
+
+```sh
+$ bundle
+```
+
+Execute the request-signing example script: 
+
+```sh
+$ ruby main.rb
+```

data/examples/sign-request/main.rb

@@ -0,0 +1,46 @@
+require "http"
+require "securerandom"
+require "truelayer-signing"
+
+class TrueLayerSigningExamples
+  # Set required environment variables
+  TRUELAYER_SIGNING_ACCESS_TOKEN = ENV.fetch("TRUELAYER_SIGNING_ACCESS_TOKEN", nil).freeze
+  TRUELAYER_SIGNING_BASE_URL = "https://api.truelayer-sandbox.com".freeze
+
+  raise(StandardError, "TRUELAYER_SIGNING_ACCESS_TOKEN is missing") \
+    if TRUELAYER_SIGNING_ACCESS_TOKEN.nil? || TRUELAYER_SIGNING_ACCESS_TOKEN.empty?
+
+  class << self
+    def test_signature_endpoint
+      url = "#{TRUELAYER_SIGNING_BASE_URL}/test-signature"
+      idempotency_key = SecureRandom.uuid
+
+      # A random body string is enough for this request as the `/test-signature` endpoint does not
+      # require any schema, it simply checks the signature is valid against what's received.
+      body = "body-#{SecureRandom.uuid}"
+
+      # Generate a `Tl-Signature`
+      signature = TrueLayerSigning.sign_with_pem
+        .set_method("POST")
+        .set_path("/test-signature")
+        # Optional: `/test-signature` does not require any headers, but we may sign some anyway.
+        # All signed headers *must* be included unmodified in the request.
+        .add_header("Idempotency-Key", idempotency_key)
+        .add_header("X-Bar-Header", "abc123")
+        .set_body(body)
+        .sign
+
+      response = HTTP.auth("Bearer #{TRUELAYER_SIGNING_ACCESS_TOKEN}")
+        .headers(idempotency_key: idempotency_key)
+        .headers(x_bar_header: "abc123")
+        .headers(tl_signature: signature)
+        .post(url, body: body)
+
+      return puts "✓ Signature is valid" if response.status.success?
+
+      puts JSON.pretty_generate(JSON.parse(response.to_s))
+    end
+  end
+end
+
+TrueLayerSigningExamples.test_signature_endpoint

data/examples/webhook-server/Gemfile

@@ -0,0 +1,3 @@
+source "https://rubygems.org"
+
+gem "truelayer-signing"

data/examples/webhook-server/Gemfile.lock

@@ -0,0 +1,15 @@
+GEM
+  remote: https://rubygems.org/
+  specs:
+    jwt (2.6.0)
+    truelayer-signing (0.1.0)
+      jwt (= 2.6)
+
+PLATFORMS
+  arm64-darwin-21
+
+DEPENDENCIES
+  truelayer-signing
+
+BUNDLED WITH
+   2.4.1

data/examples/webhook-server/README.md

@@ -0,0 +1,30 @@
+# Ruby webhook server example
+
+An HTTP server that can receive and verify signed TrueLayer webhooks.
+
+## Run
+
+Install the required dependencies:
+
+```sh
+$ bundle
+```
+
+Run the server locally:
+
+```sh
+$ ruby main.rb
+```
+
+Send a valid webhook that was signed for the path `/hook/d7a2c49d-110a-4ed2-a07d-8fdb3ea6424b`:
+
+```sh
+curl -iX POST -H "Content-Type: application/json" \
+    -H "X-Tl-Webhook-Timestamp: 2022-03-11T14:00:33Z" \
+    -H "Tl-Signature: eyJhbGciOiJFUzUxMiIsImtpZCI6IjFmYzBlNTlmLWIzMzUtNDdjYS05OWE5LTczNzQ5NTc1NmE1OCIsInRsX3ZlcnNpb24iOiIyIiwidGxfaGVhZGVycyI6IngtdGwtd2ViaG9vay10aW1lc3RhbXAiLCJqa3UiOiJodHRwczovL3dlYmhvb2tzLnRydWVsYXllci5jb20vLndlbGwta25vd24vandrcyJ9..AE_QsBRhnsMkcRzd42wvY1e2HruUhkOgjuZKktGH_WmbD7rBzoaEHUuF36IxyyvCbLajd3MBExNmzjbrOQsGaspwAI5DcGVMFLKUhB7ZzUlTP9up3eNUrdwWyyfBWDQb-qmEuLnrhFDJvgCXEqlV5OLrt-O7LaRAJ4f9KHsZLQ_j2vPC" \
+    -d "{\"event_type\":\"payout_settled\",\"event_schema_version\":1,\"event_id\":\"8fb9fb4e-bb2b-400b-af64-59e5dde74bad\",\"event_body\":{\"transaction_id\":\"c34c8721-66a9-49f6-a229-284efcf88a02\",\"settled_at\":\"2022-03-11T14:00:32.933000Z\"}}" \
+    http://localhost:4567/hook/d7a2c49d-110a-4ed2-a07d-8fdb3ea6424b
+```
+
+Modifying the `X-Tl-Webhook-Timestamp` header, the body or the path of the request will cause the
+above signature to be invalid.