A lightweight JavaScript tool for verifying the validity of incoming webhook payloads from the Chec API. This script is designed to run in a Node.js context, e.g. a serverless function/Lambda.
commercejs.com | @commercejs | Slack
npm install @chec/webhook-verifier
# or
yarn add @chec/webhook-verifier
Import verifyWebhook and use it at the start of your handler method. Provide your Chec webhook signing key as the
second argument (available in your Chec Dashboard):
import { verifyWebhook } from '@chec/webhook-verifier';
module.exports = function (request) {
verifyWebhook(request, process.env.CHEC_WEBHOOK_SIGNING_KEY);
// ... continue with your logic
}The verifyWebhook method signature is:
interface Payload {
signature?: string,
created: number,
}
export function verifyWebhook(data: Payload, signingKey: string, maxAgeSeconds: number = 300): void {
// ...
}The verifyWebhook method will throw an error if any checks fail:
- The webhook signature is missing, or the signing key is missing
- The webhook signature was invalid
- The request is older than 5 minutes (by default)
This repository is available under a BSD-3-Clause license.