# Webhook received with error "Missing signature header". Why?
Most likely because your webhook is not configured to use HMAC authentication. ElevenLabs only includes the ElevenLabs-Signature header (format: t=timestamp,v0=hash, where hash is HMAC-SHA256 of "timestamp.request_body") when the webhook’s Auth Method is set to HMAC and a shared secret exists. If the webhook is set to OAuth, that signature header is not sent—so a handler that expects it will raise “Missing signature header.” See the docs for the header name, format, and verification examples. (elevenlabs.io)
What to check
- In Dashboard: Edit the webhook and set Webhook Auth Method = HMAC; copy the shared secret. (elevenlabs.io)
- In your code: Read the elevenlabs-signature header and verify it against your shared secret using the documented scheme; respond with 2xx quickly. (elevenlabs.io)
Note: If your issue occurred around July 10, 2025 for Agents/ConvAI post‑call webhooks, there was a temporary incident where some HMAC signature headers were invalid (not missing). That’s resolved. (status.elevenlabs.io)
Sources:
Webhooks | ElevenLabs Documentation
Asynchronous Speech to Text | ElevenLabs Documentation
Webhooks | ElevenLabs Documentation
Post-call webhooks sent with invalid signature headers - ElevenLabs Status
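An added example (not part of the answer above and not ElevenLabs' own code): one way a handler could verify the `t=timestamp,v0=hash` header in Python while reporting a missing header separately from a bad signature. It assumes the timestamp is Unix seconds, the hash is hex-encoded, and a 30-minute replay tolerance; `verify_signature`, `sign`, `_mac` and `SignatureError` are hypothetical names.

```python
import hashlib
import hmac
import time

class SignatureError(Exception):
    """Raised when a webhook request fails verification."""

def _mac(body: bytes, secret: str, ts: str) -> str:
    # HMAC-SHA256 over "timestamp.request_body"; hex output is an assumption.
    return hmac.new(secret.encode(), ts.encode() + b"." + body, hashlib.sha256).hexdigest()

def sign(body: bytes, secret: str, ts: int) -> str:
    """Build a header value in the t=...,v0=... format (used for the constructed sample)."""
    return f"t={ts},v0={_mac(body, secret, str(ts))}"

def verify_signature(headers, body: bytes, secret: str, tolerance_s=1800, now=None) -> int:
    """Return the signed timestamp if the header is valid for the raw body, else raise."""
    # Header names are case-insensitive, so normalise before lookup.
    lowered = {k.lower(): v for k, v in headers.items()}
    raw = lowered.get("elevenlabs-signature")
    if raw is None:
        # Not a forgery signal by itself: the sender did not sign at all,
        # e.g. the webhook's Auth Method is not HMAC. Still reject the request.
        raise SignatureError("missing signature header")
    # Parse "t=timestamp,v0=hash" into its fields.
    fields = dict(p.strip().split("=", 1) for p in raw.split(",") if "=" in p)
    ts, sig = fields.get("t"), fields.get("v0")
    if not ts or not sig or not (ts.isascii() and ts.isdigit()):
        raise SignatureError("malformed signature header")
    # Assumption: t is Unix seconds. Reject stale requests to limit replay.
    now = time.time() if now is None else now
    if abs(now - int(ts)) > tolerance_s:
        raise SignatureError("timestamp outside tolerance")
    # Constant-time comparison over the raw, unparsed request body.
    if not hmac.compare_digest(_mac(body, secret, ts).encode(), sig.encode()):
        raise SignatureError("signature mismatch")
    return int(ts)

if __name__ == "__main__":
    secret = "constructed-shared-secret"   # constructed sample secret
    body = b'{"event":"constructed"}'      # constructed sample payload
    header = sign(body, secret, int(time.time()))
    print(verify_signature({"ElevenLabs-Signature": header}, body, secret))
    try:
        verify_signature({}, body, secret)  # request that carries no signature
    except SignatureError as exc:
        print("rejected:", exc)
```

Pass the raw request bytes to `verify_signature` before any JSON parsing, since re-serialised JSON will not match the signed body.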
Service account webhooks only provide HMAC authentication, but I still get the error