Webhook Signature

import crypto from "crypto";

function verify(request) {
  const supahubNonce = request.headers["X-Supahub-Nonce"];
  const supahubSignature = request.headers["X-Supahub-Signature"];
  const APIKey = "YOUR_API_KEY";

  const calculated = crypto
    .createHmac("sha256", APIKey)
    .update(supahubNonce)
    .digest("base64");

  return supahubSignature === calculated;
}

Webhook Signature Verification involves two key headers:

X-Supahub-Nonce

string

Type of event.

X-Supahub-Signature

string

Associated event data.

import crypto from "crypto";

function verify(request) {
  const supahubNonce = request.headers["X-Supahub-Nonce"];
  const supahubSignature = request.headers["X-Supahub-Signature"];
  const APIKey = "YOUR_API_KEY";

  const calculated = crypto
    .createHmac("sha256", APIKey)
    .update(supahubNonce)
    .digest("base64");

  return supahubSignature === calculated;
}

Event Types

import crypto from "crypto";

function verify(request) {
  const supahubNonce = request.headers["X-Supahub-Nonce"];
  const supahubSignature = request.headers["X-Supahub-Signature"];
  const APIKey = "YOUR_API_KEY";

  const calculated = crypto
    .createHmac("sha256", APIKey)
    .update(supahubNonce)
    .digest("base64");

  return supahubSignature === calculated;
}

Get Started

Resources