npm install svix
// Or
yarn add svix

First, obtain your webhook secret on the configuration page for your webhook under the Signing Secret:

Then, to verify the webhook, pass your signing secret with the headers and raw payload body to the verify method.

Make sure to use the raw request body for the payload

If your framework parses JSON, you’ll want to use the raw request body instead of the parsed JSON.

import { Webhook } from "svix";

const secret = "whsec_MfKQ9r8GKYqrTwjUPD8ILPZIo2LaLaSw";

// These were all sent from the server
const headers = {
  "svix-id": "msg_p5jXN8AQM9LWM0D4loKWxJek",
  "svix-timestamp": "1614265330",
  "svix-signature": "v1,g0hM9SsE+OTPJTGt/tmIKtSyZlE3uFJELVlNIOLJ1OE=",
const payload = '{"test": 2432232314}';

const wh = new Webhook(secret);
// Throws on error, returns the verified content on success
const payload = wh.verify(payload, headers);

To view more information on how to verify signatures, and to see examples for popular frameworks, visit Svix’s documentation.

If you want to verify webhooks manually, follow this guide.