Skip to content

webhookd-lab/webhookd-spec

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
scripts
scripts
 
 
test-vectors
test-vectors
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
SPEC.md
SPEC.md
 
 

Repository files navigation

webhookd-spec

The signing-scheme contract for webhookd deliveries, and the language-neutral conformance vectors every webhookd SDK is tested against.

  • SPEC.md — the normative webhookd-signature-v1 scheme: how the signature is computed and how to verify it.
  • test-vectors/v1.json — machine-readable valid/invalid cases. Point your SDK's test suite at these.

If you just want to verify webhookd webhooks in your app, use the SDK for your language (e.g. webhookd on npm) — you don't need to read this. This repo is for SDK authors and anyone implementing verification from scratch.

Why this exists

webhookd's signature is Stripe-compatible and trivial to implement, so SDKs in different languages share no code. These vectors are how independent implementations stay byte-compatible: each one must pass the same suite, and the suite is cross-checked against the backend's own signer.

Regenerating / checking the vectors

node scripts/generate.mjs    # regenerate test-vectors/v1.json
node scripts/check.mjs        # assert the committed vectors are self-consistent

The generator uses only node:crypto — no dependencies

License

MIT

About

No description, website, or topics provided.

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages