Pay 0.001 USDC, verify a webhook signature against the provider canonical HMAC scheme. Supports stripe, github, vercel, cdp, slack, and generic HMAC-SHA256. Constant-time compare, clock-skew tolerance on timestamp-bearing providers. Stateless — caller supplies their secret in the request body, BitBooth never stores it. The boring API plumbing primitive every agent reinvents poorly.
curl -X POST https://app.heinrichstech.com/v1/cdp/webhook-sig-verify \
-H 'content-type: application/json' \
-d '{}'
# 1. Server returns 402 with a WWW-Authenticate: X402 challenge.
# 2. Pay 0.001 USDC to 0xDa2F35d283c42dd60B965322394bc658a5c1769F on Base mainnet
# (your x402 client signs the EIP-712 authorization).
# 3. Retry the same request with the X-PAYMENT header. The Coinbase CDP
# Facilitator verifies and settles, then the response unlocks.
import { x402Fetch } from '@bitbooth/x402-client';
const res = await x402Fetch('https://app.heinrichstech.com/v1/cdp/webhook-sig-verify', {
method: 'POST',
body: JSON.stringify({}),
wallet: process.env.AGENT_PRIVATE_KEY, // signs X-PAYMENT EIP-712
network: 'eip155:8453', // Base mainnet
});
const data = await res.json();
Every x402 client and ecosystem indexer can discover this endpoint without scraping. Hit the JSON feeds below or read the OpenAPI spec directly.