Inputs
Paste from your server logs. Nothing is sent anywhere.
Request body
711 bytes
The raw JSON LINE POSTed to your webhook — paste the exact bytes from your request log, not a re-stringified copy.
X-Line-Signature header
0 chars
The Base64-encoded HMAC LINE sent in the request headers — usually 44 characters ending in "=".
Channel Secret
32 chars
The 32-character hex string under your Messaging API channel's Basic settings — NOT the access token.
Client-side only. Your channel secret is processed entirely in your browser via
window.crypto.subtle. Nothing is ever sent to any server.$ hmac-sha256(secret, body) | base64
Click Validate ▶
We'll compute HMAC-SHA256 over the body, base64-encode it, and compare against the header value.
crypto.subtle.importKey→ HMAC→ base64