Module webhook_sig 

HMAC-SHA256 signing for outbound webhook payloads.

Format on the wire: X-Allowthem-Signature: t=<unix-seconds>,v1=<hex>, where the hex is HMAC-SHA256(key, "{timestamp}.{body}"). Mirrors Stripe’s signed-payload scheme so integrators with prior Stripe work can reuse verification snippets.

Used by:

• crate::WebhookEmailSender (epic c8m.2)
• WebhookWorker (epic 7xw.2) — adopt sign_payload during that implementation instead of a separate local signer.

Enums

SigError

Error returned by verify_payload.

Functions

sign_payload

Sign body with secret and timestamp (Unix seconds).

verify_payload

Verify a X-Allowthem-Signature header value.