SHA1(private_key). The signature rides the bt_signature form field as publicKey|signature pairs, over the bt_payload field. Register your private key and webhook.co reproduces the exact scheme.
Get the keys
In the Braintree Control Panel, open Settings → API Keys. You’ll register the Private Key as the signing secret. For the subscription handshake you’ll also need the matching Public Key.Register the private key
The bt_challenge handshake
Braintree verifies a new webhook with abt_challenge GET. Answering it needs your public key too, registered as a second secret with kind: braintree_public_key — available over the API or SDK:
The
braintree_public_key kind is registered via the API or SDK. The private key (your signing
secret) registers on any surface, including the CLI, and is all you need to verify incoming
events.