diff --git a/api-reference/request-signing.mdx b/api-reference/request-signing.mdx index 15368e3..a31a714 100644 --- a/api-reference/request-signing.mdx +++ b/api-reference/request-signing.mdx @@ -2,11 +2,11 @@ title: 'Request signing' --- -We sign outbound requests we make to your target URLs with a HMAC signature using a shared secret key. This allows you to verify that the request was made by Plain and not a third party. +We sign outbound requests we make to your target URLs with a HMAC signature using a shared secret key. This allows you to verify that the request was made by Plain and not a third party. ## How to verify -Your workspace has a global HMAC secret, this secret can be viewed and (re)generated by workspace admins in **Settings** → **Request signing**. +Your workspace has a global HMAC secret, this secret can be viewed and (re)generated by workspace admins in **Settings** → **Request signing**. If you have a HMAC secret set up, when you receive a request from Plain you will see a header `Plain-Request-Signature` with the HMAC signature. You can verify this signature by hashing the request body with your HMAC secret and comparing it to the signature in the header. @@ -22,10 +22,12 @@ const crypto = require('crypto'); const requestBody = JSON.stringify(request.body); const incomingSignature = request.headers['Plain-Request-Signature']; -const expectedSignature = crypto.createHmac('sha-256', '').update(requestBody).digest('hex'); +const expectedSignature = crypto + .createHmac('sha-256', '') + .update(requestBody) + .digest('hex'); if (incomingSignature !== expectedSignature) { return response.status(403).send('Forbidden'); } ``` -
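Review bot: In the first hunk (`@@ -2,11 +2,11 @@`), the "How to verify" text says to verify "by hashing the request body with your HMAC secret" but never states which bytes are signed, which algorithm is used, or how the signature is encoded. Readers can only infer the algorithm and encoding from the sample further down (`'sha-256'`, `.digest('hex')`). Since these paragraphs are being touched anyway, state those three things in prose so that implementers in other languages do not have to reverse them from the JavaScript. A style point on the changed line "Your workspace has a global HMAC secret, this secret can be viewed and (re)generated by workspace admins": it is a comma splice, so split it into two sentences.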
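Review bot: In the second hunk (`@@ -22,10 +22,12 @@`), the unchanged check `if (incomingSignature !== expectedSignature)` compares the signatures with a string operator that is not constant-time. For a documented verification sample, suggest decoding both values to Buffers, rejecting when the header is missing or the lengths differ, and comparing with `crypto.timingSafeEqual`. Three smaller points on the same sample: the reformatted call still passes an empty key, `.createHmac('sha-256', '')`, so a visible placeholder for the workspace secret would keep readers from copying an empty string into production; `JSON.stringify(request.body)` re-serializes an already parsed body, which need not be byte-identical to what was signed, so the sample should hash the raw body it received; and if `request` is a Node http or Express request, header names are lowercased, so `request.headers['Plain-Request-Signature']` would be `undefined` and the lookup should use `'plain-request-signature'`.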