Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

https://github.com/chec/webhook-verifier

A lightweight tool for verifying the validity of webhook payloads
https://github.com/chec/webhook-verifier

commercejs webhooks

Last synced: about 1 year ago
JSON representation

A lightweight tool for verifying the validity of webhook payloads

Awesome Lists containing this project

README 

          
Webhook verifier





	A lightweight JavaScript tool for verifying the validity of incoming webhook payloads from the Chec API. This script

	is designed to run in a Node.js context, e.g. a serverless function/Lambda.






	

		CI status

	

	

		Version

	

	

		Downloads/week

	

	

		License

	

	


	commercejs.com | @commercejs | Slack




## Installation



```

npm install @chec/webhook-verifier

# or

yarn add @chec/webhook-verifier

```



## Usage



Import `verifyWebhook` and use it at the start of your handler method. Provide your Chec webhook signing key as the

second argument (available in your [Chec Dashboard](https://dashboard.chec.io/settings/webhooks)):



```js

import { verifyWebhook } from '@chec/webhook-verifier';



module.exports = function (request) {

    verifyWebhook(request, process.env.CHEC_WEBHOOK_SIGNING_KEY);



    // ... continue with your logic

}

```



The `verifyWebhook` method signature is:

```ts

interface Payload {

    signature?: string,

    created: number,

}



export function verifyWebhook(data: Payload, signingKey: string, maxAgeSeconds: number = 300): void {

    // ...

}

```



The `verifyWebhook` method will throw an error if any checks fail:

* The webhook signature is missing, or the signing key is missing

* The webhook signature was invalid

* The request is older than 5 minutes (by default)



## License



This repository is available under a [BSD-3-Clause license](./LICENSE.md).