Webhook Signature Docs Audit avatar

Webhook Signature Docs Audit

Pricing

from $4.00 / 1,000 webhook docs audit rows

Go to Apify Store
Webhook Signature Docs Audit

Webhook Signature Docs Audit

Audit public API documentation for webhook signature-verification completeness: headers, HMAC/signing algorithm, timestamp/replay protection, secrets, examples, and payload guidance.

Pricing

from $4.00 / 1,000 webhook docs audit rows

Rating

0.0

(0)

Developer

Defenestrator

Defenestrator

Maintained by Community

Actor stats

0

Bookmarked

2

Total users

0

Monthly active users

4 hours ago

Last modified

Categories

Share

Audit public API documentation for webhook signature-verification coverage and export one structured checklist row per docs URL.

Use this Actor when you need a repeatable way to review whether webhook docs explain the security details developers need: signature headers, signing algorithms, raw-body handling, replay protection, secret setup, test events, and implementation examples.

This is an unofficial documentation-audit utility. It does not test live webhook delivery, log in to private portals, or certify a provider's security implementation.

Common use cases

Use caseWhy it helps
API documentation launch reviewCheck whether webhook verification docs are ready before publishing or relaunching developer docs.
Vendor technical diligenceCompare how clearly SaaS vendors document webhook verification before building integrations.
Security checklist automationProduce one row per provider with scoring, evidence URLs, warnings, and recommendations.
DevRel / docs QAIdentify missing implementation details that cause insecure or broken webhook receivers.
Integration agency reviewTriage many public docs sites before deeper manual review.

Input

Provide public HTTP(S) documentation URLs. Direct webhook verification pages work best, but broader developer-portal URLs can also be used with a small crawl budget.

{
"startUrls": [
{ "url": "https://docs.github.com/en/webhooks/using-webhooks/validating-webhook-deliveries" }
],
"maxPagesPerSite": 3,
"timeoutSecs": 20,
"sameHostOnly": true
}

Input fields

FieldTypeDefaultNotes
startUrlsarrayrequiredPublic API docs, webhook docs, developer-portal pages, or vendor docs URLs.
maxPagesPerSiteinteger8Maximum successful pages analyzed per input URL. Lower values keep runs cheap and focused.
timeoutSecsinteger20HTTP timeout per page request.
sameHostOnlybooleantrueKeeps discovered candidate links on the same host as the input URL.

Do not submit confidential, authenticated, internal, or non-public documentation URLs.

Output

The Actor writes one dataset item per input URL. Rows include:

  • domain, inputUrl, normalizedUrl
  • auditScore, grade, and riskLevel
  • checklist booleans such as webhookDocsFound, signatureVerificationDocumented, signatureAlgorithmMentioned, signatureHeaderNamed, timestampOrReplayProtectionMentioned, signingSecretMentioned, codeExamplesFound, and rawBodyOrCanonicalizationMentioned
  • detected signature headers and algorithms when found
  • bestPageUrl, evidenceUrls, sampled URLs, warnings, and practical recommendations

Pricing

from $4.00 / 1,000 audited webhook documentation URLs

This Actor uses Apify Pay per Event pricing with platform usage included. The row event is charged only for useful rows written to the default dataset.

EventPriceUnit
Actor start (apify-actor-start)$0.00005Once when the run starts.
Webhook docs audit row (apify-default-dataset-item)$0.004Per audited webhook documentation URL row.

A row is one public webhook documentation URL audit result. Apify plan discounts, user-configured max-charge limits, and any future Apify pricing UI changes may affect final charges.

Limitations and responsible use

  • This is a heuristic documentation audit, not legal advice, security certification, penetration testing, or live webhook validation.
  • A high score means the public docs appear to cover important implementation details; it does not prove webhooks are signed correctly in production.
  • JavaScript-heavy, blocked, sparse, or login-gated documentation may under-score.
  • Human review is recommended before relying on results for high-stakes vendor, security, procurement, or compliance decisions.
  • Use only with documentation you are allowed to access and review.

Data handling

The Actor fetches the public URLs supplied in the input and, when enabled, a small set of same-host candidate links. It writes structured audit rows to the run's default dataset and intentionally avoids storing full page contents in output.

This Actor is part of the API documentation reliability audits group. These are narrow, source-specific Apify Actors intended for scheduled checks and repeatable dataset exports — not broad scraped-content feeds.

Each listing includes its own source notes, limits, pricing, and responsible-use caveats. Use the official source links in each Actor when decisions require verification.