To ensure the integrity of the webhooks you receive, we recommend verifying their signatures. The webhook platform we use, Svix, provides packages for multiple languages that make verifying signatures easy.
```bash
npm install svix
# Or
yarn add svix
```
First, obtain your webhook secret from the configuration page for your webhook, under Signing Secret.

Then, to verify the webhook, create a `Webhook` with your signing secret and pass the raw payload body and the headers to its `verify` method.
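Make sure to use the raw request body for the payload.

If your framework parses JSON, you’ll want to use the raw request body instead of the parsed JSON. The signature covers the exact bytes that were sent, so a body that has been parsed and serialized again may no longer match.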
```js
import { Webhook } from "svix";

const secret = "whsec_MfKQ9r8GKYqrTwjUPD8ILPZIo2LaLaSw";

// These were all sent from the server
const headers = {
  "svix-id": "msg_p5jXN8AQM9LWM0D4loKWxJek",
  "svix-timestamp": "1614265330",
  "svix-signature": "v1,g0hM9SsE+OTPJTGt/tmIKtSyZlE3uFJELVlNIOLJ1OE=",
};
// Raw request body, exactly as received (not parsed JSON)
const payload = '{"test": 2432232314}';

const wh = new Webhook(secret);
// Throws on error, returns the verified content on success
const verified = wh.verify(payload, headers);
```
To view more information on how to verify signatures, and to see examples for popular frameworks, visit Svix’s documentation.

If you want to verify webhooks manually, follow this guide.
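What manual verification involves, and why the raw body matters, as an added example (not code from this page or from Svix's library). It follows Svix's documented v1 scheme: an HMAC-SHA256 over `id.timestamp.body`, keyed with the base64 part of the secret. The names `sign`, `verifyManually` and `demo`, the five-minute tolerance and the computed sample signature are assumptions made for the example.

```javascript
// Added example: manual check of a Svix v1 signature using only Node's crypto module.
const { createHmac, timingSafeEqual } = require("node:crypto");

const TOLERANCE_SECONDS = 5 * 60; // assumption: replay window chosen for this example

// HMAC-SHA256 over "id.timestamp.body", keyed with the base64-decoded part of the secret.
function sign(secret, id, timestamp, rawBody) {
  const key = Buffer.from(secret.replace(/^whsec_/, ""), "base64");
  return createHmac("sha256", key).update(`${id}.${timestamp}.${rawBody}`).digest();
}

// True only if the timestamp is fresh and at least one v1 signature matches.
function verifyManually(secret, headers, rawBody, nowSeconds = Math.floor(Date.now() / 1000)) {
  const id = headers["svix-id"];
  const timestamp = headers["svix-timestamp"];
  const sigHeader = headers["svix-signature"];
  if (!id || !sigHeader || !/^\d+$/.test(timestamp || "")) return false;
  if (Math.abs(nowSeconds - Number(timestamp)) > TOLERANCE_SECONDS) return false;

  const expected = sign(secret, id, timestamp, rawBody);
  // The header may carry several space-separated "version,signature" entries.
  return sigHeader.split(" ").some((entry) => {
    const [version, value] = entry.split(",");
    if (version !== "v1" || !value) return false;
    const candidate = Buffer.from(value, "base64");
    return candidate.length === expected.length && timingSafeEqual(candidate, expected);
  });
}

// Constructed sample input reusing the placeholder secret, id, timestamp and body shown above.
const sampleSecret = "whsec_MfKQ9r8GKYqrTwjUPD8ILPZIo2LaLaSw";
const sampleBody = '{"test": 2432232314}';
const sampleHeaders = {
  "svix-id": "msg_p5jXN8AQM9LWM0D4loKWxJek",
  "svix-timestamp": "1614265330",
};
sampleHeaders["svix-signature"] = "v1," + sign(sampleSecret, sampleHeaders["svix-id"], "1614265330", sampleBody).toString("base64");

function demo() {
  const now = 1614265330 + 10; // pretend the request arrived 10 s after it was signed
  const reparsed = JSON.stringify(JSON.parse(sampleBody)); // drops the space after the colon
  return {
    rawBody: verifyManually(sampleSecret, sampleHeaders, sampleBody, now),
    reserialized: verifyManually(sampleSecret, sampleHeaders, reparsed, now),
    stale: verifyManually(sampleSecret, sampleHeaders, sampleBody, now + 3600),
  };
}

console.log(demo()); // { rawBody: true, reserialized: false, stale: false }
```

The `reserialized` case is the failure you get when a JSON-parsing middleware hands the handler an object and the handler stringifies it again before verifying.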