{"id":16549205,"url":"https://github.com/jeysal/ifttt-webhook-shield","last_synced_at":"2026-03-16T05:15:14.796Z","repository":{"id":26430628,"uuid":"108910448","full_name":"jeysal/ifttt-webhook-shield","owner":"jeysal","description":"IFTTT webhook URLs without embedded maker key","archived":false,"fork":false,"pushed_at":"2023-01-04T01:19:31.000Z","size":1877,"stargazers_count":5,"open_issues_count":16,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-07-03T21:46:55.495Z","etag":null,"topics":["forward","hmac","ifttt","proxy","shield","webhook","webhooks"],"latest_commit_sha":null,"homepage":null,"language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jeysal.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2017-10-30T21:27:59.000Z","updated_at":"2023-03-10T09:39:37.000Z","dependencies_parsed_at":"2022-09-20T18:01:38.735Z","dependency_job_id":null,"html_url":"https://github.com/jeysal/ifttt-webhook-shield","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/jeysal/ifttt-webhook-shield","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jeysal%2Fifttt-webhook-shield","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jeysal%2Fifttt-webhook-shield/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jeysal%2Fifttt-webhook-shield/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jeysal%2Fifttt-webhook-shield/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jeysal","download_url":"https://codeload.github.com/jeysal/ifttt-webhook-shield/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jeysal%2Fifttt-webhook-shield/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30567432,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-16T04:42:47.996Z","status":"ssl_error","status_checked_at":"2026-03-16T04:42:44.668Z","response_time":96,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["forward","hmac","ifttt","proxy","shield","webhook","webhooks"],"created_at":"2024-10-11T19:28:39.160Z","updated_at":"2026-03-16T05:15:14.766Z","avatar_url":"https://github.com/jeysal.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# ifttt-webhook-shield\n\u003e IFTTT webhook URLs without embedded maker key\n\n[![build status](https://img.shields.io/travis/jeysal/ifttt-webhook-shield/master.svg?style=flat-square)](https://travis-ci.org/jeysal/ifttt-webhook-shield)\n[![AppVeyor build status](https://img.shields.io/appveyor/ci/jeysal/ifttt-webhook-shield/master.svg?style=flat-square\u0026label=windows+build)](https://ci.appveyor.com/project/jeysal/ifttt-webhook-shield)\n[![code coverage](https://img.shields.io/codecov/c/github/jeysal/ifttt-webhook-shield/master.svg?style=flat-square)](https://codecov.io/gh/jeysal/ifttt-webhook-shield)\n\n[![license](https://img.shields.io/github/license/jeysal/ifttt-webhook-shield.svg?style=flat-square)](https://github.com/jeysal/ifttt-webhook-shield/blob/master/LICENSE)\n\n## The problem\n\n[IFTTT webhooks](https://ifttt.com/maker_webhooks) are a great tool for integrating IFTTT with anything that supports HTTP.  \nHowever, they have a small shortcoming: You cannot give a link to anyone without compromising your IFTTT maker key, because it is embedded in the URL:\n`https://maker.ifttt.com/trigger/\u003cevent\u003e/with/key/\u003chere it is\u003e`  \nIf you were to, say, stick a NFC tag somewhere in your home, with an IFTTT webhook link on it to toggle one of your smart light bulbs\nso visitors can turn the lights on and off by holding their phone up against it, you would enable them to trigger any arbitrary webhook event -\nincluding the one that orders you new items worth 1000$, unlocks your front door or does whatever else you may have configured -\nbecause they have your key now.\n\n## The solution\n\nDo not give anyone a direct webhook link with your key embedded in it - instead, give them links that are authenticated, but only for one specific event.\n\nThis application creates an HTTP server that accepts requests to `/\u003cevent\u003e/\u003cdigest\u003e`,\nbut only forwards them to IFTTT if the digest is a valid [HMAC](https://en.wikipedia.org/wiki/Hash-based_message_authentication_code) (sha256) over the event,\nusing a secret that you gave the application.\nYour actual IFTTT maker key is only available to this server, not to anyone who gets a link to trigger webhook events.\n\n## Configuration\n\nThe following environment variables need to be set:\n\n* `PORT` (the server port, default `8080`)\n* `MAKER_KEY` (your IFTTT maker key from [here](https://ifttt.com/services/maker_webhooks/settings))\n* `HMAC_SECRET` (a sufficiently large and random secret, see [\"Running\"](#running))\n\n## Running\n\nWARNING: If you make the server available to more than just your private network, you should definitely put an HTTPS proxy in front of it.\n\n[Node.js](https://nodejs.org/) and npm are required.  \n[Clone](https://help.github.com/articles/cloning-a-repository/) this repository to your machine, then run:\n\n```bash\nnpm install\nnpm run build\nhead -c128 /dev/random \u003esecret\nMAKER_KEY=YOURKEYHERE HMAC_SECRET=\"$(cat secret)\" npm start\n```\n\nIf you visit `localhost:8080/abc/xyz` now, you should be greeted with a nice `invalid digest` message.\n\nSo how can we trigger the webhook event `abc` now?\n[OpenSSL](https://www.openssl.org/) is really good at calculating digests, so we'll just use that:\n\n```bash\necho -n abc | openssl dgst -hex -sha256 -hmac \"$(cat secret)\"\n```\n\nThis should output `(stdin)= \u003cdigest\u003e`. Use that digest to navigate to `localhost:8080/abc/\u003cdigest\u003e`.\nThis time, you should see `Congratulations! You've fired the abc event`, indicating that the request was successful.\nIf you give the URL you used here to somebody else, they will only be able to trigger this particular event on your IFTTT maker channel.\n\n### Vercel\n\nThis application is ready for deployment on the [Vercel](https://vercel.com/) platform.\nIf you deploy there, your IFTTT webhook shield will instantly be globally available behind a secure HTTPS proxy.\n\nSet up Vercel and then generate a secret as shown above.\nThen, instead of `npm start`ing locally, create the required `vercel secret`s and deploy:\n\n```bash\nvercel secrets add ifttt-maker-key YOURKEYHERE\nvercel secrets add ifttt-webhook-shield-hmac-secret \"$(cat secret)\"\nvercel\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjeysal%2Fifttt-webhook-shield","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjeysal%2Fifttt-webhook-shield","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjeysal%2Fifttt-webhook-shield/lists"}