### HMAC verification

We recommend to verify the HMAC code received with every event in your event handler. When receiving a new event on your endpoint URL, compute the HMAC of the payload using the secret (configured [here](https://developers.sinch.com/docs/numbers/api-reference/imported-hosting/imported-numbers-and-hosting-orders-callbacks/updatecallbackconfiguration)) and compare it with one received in the `X-Sinch-Signature` header.

**NOTE:** Compute the HMAC on the plain text value before parsing the JSON payload.