In this latest Alviere HIVE release, we’ve added more security by ensuring webhook data is trusted, untampered, and verified by Alviere. Clients can verify web hook authenticity using a a secure HMAC-SHA256 signature included in every event.

Also in this release, businesses or consumers can be made children of a business parent account. This improves how clients model internal or partner hierarchies, supporting more, and richer, use cases for pay-by-bank, as well as future B2B onboarding flows.

HMAC Signature Validation for Webhooks

Going forward, clients can verify webhook authenticity using a secure HMAC-SHA256 signature included in every event. This ensures webhook data is trusted, untampered, and verifiably sent by Alviere.

• New header: {{X-Alviere-Signature}} → HMAC-SHA256 hash of the payload.

• Optional feature: existing webhooks continue to function without change.

• Clients who wish to enable verification can opt in by sharing their webhook secret with Alviere.

Allow Businesses/Consumers to be Child of Business Accounts

Users can now associate business or consumer accounts as children of a business parent account, allowing more precise hierarchy modeling and expanding support for advanced pay-by-bank and upcoming B2B onboarding flows.

• Businesses or consumers can now be created as children of a business account.

• Validation ensures only business accounts can act as parents.

• Ownership hierarchy is visible across account data and events.

• No changes required for existing clients.