VERIFYING WEBHOOK SIGNATURES
Learn how to verify webhook signatures to ensure events are authentic.
WHY VERIFY SIGNATURES?
Webhook signatures ensure the webhook came from PatternHooks and was not tampered with.
Important
Never process webhooks without verifying signatures first.
SIGNATURE FORMAT
webhook-signature: t=1672531200,v1=5257a869...
USING THE SDK
import { Webhook } from '@patternhooks/sdk';
const wh = new Webhook('whsec_your_secret');
app.post('/webhooks', (req, res) => {
try {
const payload = wh.verify(req.body, req.headers['webhook-signature']);
// Process verified payload
res.status(200).send('OK');
} catch (err) {
res.status(400).send('Invalid signature');
}
});