diff --git a/controllers/internals/Webhook.php b/controllers/internals/Webhook.php
index 1ca4725..6f2c59b 100644
--- a/controllers/internals/Webhook.php
+++ b/controllers/internals/Webhook.php
@@ -13,6 +13,8 @@ namespace controllers\internals;
 
 class Webhook extends StandardController
 {
+    const HMAC_ALGO = 'sha256';
+
     protected $bdd;
     protected $model;
 
@@ -105,6 +107,7 @@ class Webhook extends StandardController
     public function trigger(int $id_user, string $type, array $sms)
     {
         $internal_setting = new Setting($this->bdd);
+        $internal_user = new User($this->bdd);
         $settings = $internal_setting->gets_for_user($id_user);
 
         if (!$settings['webhook'] ?? false)
@@ -112,13 +115,28 @@ class Webhook extends StandardController
             return false;
         }
 
+        $user = $internal_user->get($id_user);
+        if (!$user)
+        {
+            return false;
+        }
+
         $webhooks = $this->gets_for_type_and_user($id_user, $type);
         foreach ($webhooks as $webhook)
         {
+            $timestamp = time();
+            $webhook_random_id = $timestamp . '-' . bin2hex(openssl_random_pseudo_bytes(16));
+            
+            //signature is hexa string representing hmac sha256 of webhook_random_id
+            $webhook_signature = hash_hmac(self::HMAC_ALGO, $webhook_random_id, $user['api_key']);
+            
             $message = [
                 'url' => $webhook['url'],
                 'data' => [
+                    'webhook_timestamp' => $timestamp,
                     'webhook_type' => $webhook['type'],
+                    'webhook_random_id' => $webhook_random_id,
+                    'webhook_signature' => $webhook_signature,
                     'id' => $sms['id'],
                     'at' => $sms['at'],
                     'text' => $sms['text'],