payload-verification-signature-header-required

Overview

This rule belongs to the apimatic-codegen-validation ruleset and states that:

When payloadVerification exists in webhook or callback configuration, the signatureHeader field MUST be specified to indicate which header contains the signature.

Property	Value
Enabled	Yes
Maximum Severity	Error
Message	PayloadVerification section is missing required signatureHeader field.
Code	APIMATICCODEGEN_V527
Type	Validation
Rule System	Semantic
Broad Category	Webhooks
Products Impacted	Code Generation, Developer Experience Portal
Tags	apimatic code generation codegen sdks portal docs validation apimatic webhook callback payload verification signature header required field

Suggested Fixes

• Add a signatureHeader field to the payloadVerification section.
• Specify the header name where the signature will be provided (for example 'X-Signature').
• The signatureHeader field is case-insensitive.
• Common signature header names include 'X-Signature', 'X-Hub-Signature', or 'Authorization'.

For More Information

• https://www.apimatic.io/continuous-code-generation
• https://docs.apimatic.io/rulesets/overview/