INTEGRATIONS
Webhook-endoint
1 min
// webhook endpoint app post('/webhook', (req, res) => { const payload = req body; // extract the payload const receivedsignature = req headers\['x signature']; // extract the signature from headers const timestamp = req headers\['x timestamp']; // extract the timestamp from headers (if needed) if (!receivedsignature || !timestamp) { return res status(400) send('missing signature or timestamp'); } // recreate the string to sign const payloadstring = json stringify(payload); const stringtosign = `${timestamp} ${payloadstring}`; // recreate the signature const calculatedsignature = crypto createhmac('sha256', signingkey) update(stringtosign) digest('hex'); // compare the received signature with the calculated signature if (receivedsignature === calculatedsignature) { console log('signature verified! decoded payload ', payload); // process the payload (e g , log it, store it, etc ) res status(200) send('payload received and verified!'); } else { console error('signature mismatch potential tampering detected!'); res status(403) send('invalid signature'); } });
Have a question?
Our super-smart AI, knowledgeable support team and an awesome community will get you an answer in a flash.
To ask a question or participate in discussions, you'll need to authenticate first.