Lacked
Here's a code snippet
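```TypeScript
import crypto from 'node:crypto';

// Fragment from inside the request handler: req, res and payload come from the surrounding code.
const signature = req.headers['x-appwrite-webhook-signature'];
if (!signature) {
  return res.json({ error: "Bad signature request" });
}
// Create expected signature
const expectedSignature = crypto.createHmac('sha1', process.env.WEBHOOK_SIG_KEY)
  .update(`${process.env.WEBHOOK_ENDPOINT}${JSON.stringify(payload)}`)
  .digest('base64');
// Securely compare the signatures. timingSafeEqual throws when the buffers
// differ in length, so check the length first.
const expected = Buffer.from(expectedSignature, 'base64');
const received = Buffer.from(signature, 'base64');
if (received.length !== expected.length || !crypto.timingSafeEqual(expected, received)) {
  return res.json({ error: "Unauthorized" });
}
// ...
```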
Is this enough to keep my webhook secure?
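An added example, not part of the original post and not Appwrite's own code: the same HMAC-SHA1 check over endpoint URL plus payload, packaged as a function that returns `false` instead of throwing on malformed input and is run against several constructed requests. The names `sign`, `verifyWebhook` and `demo`, the key, the URL and the body are all hypothetical. It assumes the sender signed the raw request body, so it verifies those bytes rather than a re-serialized object.

```javascript
const crypto = require('node:crypto');

// HMAC-SHA1 over url + body, base64-encoded: the construction used in the snippet above.
function sign(url, rawBody, key) {
  return crypto.createHmac('sha1', key).update(url + rawBody).digest('base64');
}

// True only if signatureHeader is the HMAC of the exact body text received.
// Never throws on request-controlled input; throws only on missing configuration.
function verifyWebhook({ url, rawBody, signatureHeader, key }) {
  if (!key) throw new Error('webhook signature key is not configured');
  // A repeated header can arrive as an array; accept exactly one non-empty string.
  if (typeof signatureHeader !== 'string' || signatureHeader === '') return false;
  const expected = Buffer.from(sign(url, rawBody, key), 'base64');
  const received = Buffer.from(signatureHeader, 'base64');
  // timingSafeEqual throws a RangeError when the lengths differ, so reject those first.
  if (received.length !== expected.length) return false;
  return crypto.timingSafeEqual(expected, received);
}

// Constructed sample values (not real Appwrite data).
const KEY = 'constructed-test-key';
const ENDPOINT = 'https://example.test/hooks/appwrite';
const RAW_BODY = '{"$id":"abc", "amount": 10}'; // as sent on the wire, spaces included

function demo() {
  const goodSig = sign(ENDPOINT, RAW_BODY, KEY);
  const check = (rawBody, signatureHeader) =>
    verifyWebhook({ url: ENDPOINT, rawBody, signatureHeader, key: KEY });
  return {
    rawBody: check(RAW_BODY, goodSig),
    // Parsing and re-stringifying drops the spaces, so the HMAC no longer matches.
    reserialized: check(JSON.stringify(JSON.parse(RAW_BODY)), goodSig),
    tampered: check(RAW_BODY.replace('10', '1000'), goodSig),
    truncatedSig: check(RAW_BODY, goodSig.slice(0, 8)),
    missingSig: check(RAW_BODY, undefined),
    repeatedSig: check(RAW_BODY, [goodSig, goodSig]),
  };
}

console.log(demo());
```

Only the `rawBody` case passes; the `reserialized` case shows why a handler that receives an already-parsed payload has to confirm that `JSON.stringify` reproduces the signed bytes exactly.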
TL;DR
Code snippet provided shows how a developer is verifying the authenticity of a webhook message in Node.js by comparing signatures. It includes comparing expected and actual signatures using `crypto.timingSafeEqual`. This approach is secure, given proper implementation of `WEBHOOK_SIG_KEY`.