The signature algorithms for the webhook signature are HMAC-SHA1 (sent as x-hub-signature) and HMAC-SHA256 (sent as X-Hub-Signature-256). Currently, Flexport supports both SHA1 and SHA256 signatures and will soon deprecate SHA1. We recommend using SHA256 for new integrations and transition to SHA256 for older integrations. The string you sign with your secret key should be UTF-8 encoded.