Our API guides here go over details on how to verify Webhooks that Lightspeed sends you using HMAC.
https://apidoc.kounta.com/webhooks/#verifying-webhooks
Please note that the algorithm used is SHA256.
One thing to be aware of is that when you are comparing the data payload we are sending you, you must be comparing it in the exact format we send it to you in.
Using a beautify tool or json.stringify or any other conversion process that can change the formatting or clear off escape characters, etc can cause conflicts with the Signature process.
Note that this payload was formatted, resulting in a non-matching signature and HMAC result:
This one is NOT formatted, and is using the raw payload, and has a matching signature and payload.