# LINE Messaging API Signature Validation [TOC] ###### tags: `line` --- Normally, when a webhook event is received, the following data are provided. - Headers - `host` - `user-agent` - `content-length` - `content-type` - `x-forwarded-for` - `x-forwarded-proto` - **`x-line-signature`** - `accept-encoding` - **Request body** ## Example of Signature Validation in Java ```java private static final String ALGORITHM = "HmacSHA256"; /** * @param channelSecret Channel secret string * @param httpRequestBody Request body string * @return Base64-encoded digest value */ public static String signature(final String channelSecret, final String httpRequestBody) { try { Mac mac = Mac.getInstance(ALGORITHM); mac.init( new SecretKeySpec( channelSecret.getBytes(), ALGORITHM ) ); return Base64.encodeBase64String( mac.doFinal( httpRequestBody.getBytes("UTF-8") ) ); } catch (NoSuchAlgorithmException | InvalidKeyException | UnsupportedEncodingException ignore) { // omitted due to laziness } return ""; } ``` Compare the above result with the value of the `x-line-signature` http response header, if they are matched, the request is legit. ## References - [LINE Developers](https://developers.line.biz/) - [Messaging API reference](https://developers.line.biz/en/reference/messaging-api/) - [Messaging API reference Signature validation](https://developers.line.biz/en/reference/messaging-api/#signature-validation)