Signature verification only works if you can read the raw request body before Flask's parser touches it, and retries only stop hammering you once the endpoint answers fast every time. A DenkOps slot keeps your Flask process resident, so the raw body is always available and the response is instant, no cold-start window where a provider's retry queue backs up.
import hmac, hashlib
from flask import Flask, request, abort
app = Flask(__name__)
SECRET = b"whsec_..." # env var
@app.post("/hook")
def hook():
sig = request.headers.get("X-Signature", "")
digest = hmac.new(SECRET, request.get_data(), hashlib.sha256).hexdigest()
if not hmac.compare_digest(sig, digest):
abort(401)
# request.get_json() is safe now the signature checked out
return {"ok": True}Deploy it: install the plugin, say "deploy on DenkOps", and get a live SSL URL.
Start on DenkOps →Yes. request.get_data() gives you the untouched body before Flask parses JSON, so signature checks are exact, the same as running Flask on your own server.
No. The slot runs your Flask app continuously, so there is no import or worker spin-up delay when a provider calls the hook.