Webhook Signature Docs Audit
Pricing
from $4.00 / 1,000 webhook docs audit rows
Webhook Signature Docs Audit
Audit public API documentation for webhook signature-verification completeness: headers, HMAC/signing algorithm, timestamp/replay protection, secrets, examples, and payload guidance.
Pricing
from $4.00 / 1,000 webhook docs audit rows
Rating
0.0
(0)
Developer
Defenestrator
Maintained by CommunityActor stats
0
Bookmarked
2
Total users
0
Monthly active users
4 hours ago
Last modified
Categories
Share
Audit public API documentation for webhook signature-verification coverage and export one structured checklist row per docs URL.
Use this Actor when you need a repeatable way to review whether webhook docs explain the security details developers need: signature headers, signing algorithms, raw-body handling, replay protection, secret setup, test events, and implementation examples.
This is an unofficial documentation-audit utility. It does not test live webhook delivery, log in to private portals, or certify a provider's security implementation.
Common use cases
| Use case | Why it helps |
|---|---|
| API documentation launch review | Check whether webhook verification docs are ready before publishing or relaunching developer docs. |
| Vendor technical diligence | Compare how clearly SaaS vendors document webhook verification before building integrations. |
| Security checklist automation | Produce one row per provider with scoring, evidence URLs, warnings, and recommendations. |
| DevRel / docs QA | Identify missing implementation details that cause insecure or broken webhook receivers. |
| Integration agency review | Triage many public docs sites before deeper manual review. |
Input
Provide public HTTP(S) documentation URLs. Direct webhook verification pages work best, but broader developer-portal URLs can also be used with a small crawl budget.
{"startUrls": [{ "url": "https://docs.github.com/en/webhooks/using-webhooks/validating-webhook-deliveries" }],"maxPagesPerSite": 3,"timeoutSecs": 20,"sameHostOnly": true}
Input fields
| Field | Type | Default | Notes |
|---|---|---|---|
startUrls | array | required | Public API docs, webhook docs, developer-portal pages, or vendor docs URLs. |
maxPagesPerSite | integer | 8 | Maximum successful pages analyzed per input URL. Lower values keep runs cheap and focused. |
timeoutSecs | integer | 20 | HTTP timeout per page request. |
sameHostOnly | boolean | true | Keeps discovered candidate links on the same host as the input URL. |
Do not submit confidential, authenticated, internal, or non-public documentation URLs.
Output
The Actor writes one dataset item per input URL. Rows include:
domain,inputUrl,normalizedUrlauditScore,grade, andriskLevel- checklist booleans such as
webhookDocsFound,signatureVerificationDocumented,signatureAlgorithmMentioned,signatureHeaderNamed,timestampOrReplayProtectionMentioned,signingSecretMentioned,codeExamplesFound, andrawBodyOrCanonicalizationMentioned - detected signature headers and algorithms when found
bestPageUrl,evidenceUrls, sampled URLs, warnings, and practical recommendations
Pricing
from $4.00 / 1,000 audited webhook documentation URLs
This Actor uses Apify Pay per Event pricing with platform usage included. The row event is charged only for useful rows written to the default dataset.
| Event | Price | Unit |
|---|---|---|
Actor start (apify-actor-start) | $0.00005 | Once when the run starts. |
Webhook docs audit row (apify-default-dataset-item) | $0.004 | Per audited webhook documentation URL row. |
A row is one public webhook documentation URL audit result. Apify plan discounts, user-configured max-charge limits, and any future Apify pricing UI changes may affect final charges.
Limitations and responsible use
- This is a heuristic documentation audit, not legal advice, security certification, penetration testing, or live webhook validation.
- A high score means the public docs appear to cover important implementation details; it does not prove webhooks are signed correctly in production.
- JavaScript-heavy, blocked, sparse, or login-gated documentation may under-score.
- Human review is recommended before relying on results for high-stakes vendor, security, procurement, or compliance decisions.
- Use only with documentation you are allowed to access and review.
Data handling
The Actor fetches the public URLs supplied in the input and, when enabled, a small set of same-host candidate links. It writes structured audit rows to the run's default dataset and intentionally avoids storing full page contents in output.
Related Actors in this portfolio
This Actor is part of the API documentation reliability audits group. These are narrow, source-specific Apify Actors intended for scheduled checks and repeatable dataset exports — not broad scraped-content feeds.
- Webhook Signature Docs Audit — Webhook signature-verification documentation audit for integration readiness.
- Rate Limit Docs Audit — API rate-limit documentation audit for quota, header, reset, and retry clarity.
- Idempotency Docs Audit — API idempotency documentation audit for retry-safety and duplicate handling.
- API Error Contract Docs Audit — API error-contract documentation audit for status codes, error bodies, and examples.
Each listing includes its own source notes, limits, pricing, and responsible-use caveats. Use the official source links in each Actor when decisions require verification.