> ## Documentation Index
> Fetch the complete documentation index at: https://docs.praeto.dev/llms.txt
> Use this file to discover all available pages before exploring further.

# Signing and Secret Rotation

> HMAC signatures, timestamp verification, and safe secret rotation.

# Signing and Secret Rotation

Praeto Dispatcher signs outbound webhook deliveries so receivers can verify the source and integrity of a request.

## Headers

```http theme={null}
praeto-event-id: 811fad9a-d2cb-4dd2-a2e1-9bb5d90190db
praeto-event-type: invoice.created
praeto-delivery-id: d904b72a-58c5-42c0-8eaa-7f4403ec77e8
praeto-timestamp: 2026-04-28T09:12:00.000Z
praeto-signature: v1=...
```

## Rotation overlap

When a signing secret is rotated, Praeto preserves the previous secret for a configured overlap period. During overlap, `praeto-signature` can include signatures generated with both current and previous secrets.

```http theme={null}
praeto-signature: v1=<current>,v1=<previous>
```

Receivers should accept the request if any active secret matches.
