<!-- 0Gkit docs — JOBS_WEBHOOK_BAD_SIGNATURE
     Source: https://docs.0gkit.com/errors/JOBS_WEBHOOK_BAD_SIGNATURE
     LLM-friendly Markdown twin of the page. -->

# JOBS_WEBHOOK_BAD_SIGNATURE

**Webhook HMAC signature invalid**

## What happened

An incoming webhook to the jobs runner had an HMAC signature that didn't match the expected secret — either tampered, wrong secret, or wrong canonicalization.

## How to fix

Confirm both sides are using the same secret + canonical-JSON serialization. The runner exposes `verifyWebhookSignature(body, secret, signature)` for testing.

## Example

```ts
import { jobs } from "@foundryprotocol/0gkit-jobs";

const ok = jobs.verifyWebhook(rawBody, headerSig, secret);
if (!ok) throw new Error("JOBS_WEBHOOK_BAD_SIGNATURE");
```

## Reference

- Namespace: `JOBS`
- Help URL: `https://0gkit.com/errors/JOBS_WEBHOOK_BAD_SIGNATURE`
- See also: [all error codes](/errors)
