Start building
Star on GitHub 47K Start building
Back

webhook signature verification

  • 0
  • Functions
  • Cloud
View on Discord
amitrochates
28 Mar, 2025, 05:23

I'm trying to use a payment services webhook and verifying the signture. I'm having some trouble with processing payload.

the webhook.verify function in standardwebhooks library requires a string or a Buffer payload (as seen in error in image 2)

When I try it in a local express app. I do this- (see commented code 1) (the express.raw at the top allows me to access the raw payload without express preprocessing it) I log the response to see types if payload and it comes like this [image 1],

notice the payload is type buffer, i convert it to string and pass it to function. This works.

Now when I replicate the same thing in appwrite - (see commented code 2) , the payload is coming in as object and I think that is causing issues with webhook.verify function, getting a response like this [image 2] What I suspect is happening is appwrite preprocesses the payload and converts it from buffer to object.

Here are some questions I have .

  1. is there a way to stop this preprocessing like I'm doing in express and get a raw buffer payload.
  2. can I use express in an appwrite cloud function and do it like that.
  3. any other way I can verify the signature, I suspect this should be something similar to what stripe uses, so if you have verified stripe payload maybe that would apply here as well.

Thanks in advance!

TL;DR
Developers are having trouble with webhook signature verification. In express, they convert the buffer payload to a string before passing it to the verification function, which works. In Appwrite, the payload is coming in as an object, causing issues with the verification function that requires a string or a buffer payload. They suspect Appwrite preprocesses the payload. Questions: 1. Is there a way to stop Appwrite's preprocessing and get the raw buffer payload like in express? 2. Can they use express in an Appwrite cloud function? 3. Any other way to verify the signature similar to how Stripe does it? Solution: To access the
amitrochates
28 Mar, 2025, 05:24

express code code 1

TypeScript
app.post('/webhook', async (req, res) => {
  try {
    console.log("req", req.body)
    console.log(typeof req.body)
    const rawBody = req.body.toString('utf8');
    const headersList = req.headers;
  
    let webhookHeaders = {
        "webhook-id": headersList["webhook-id"] || "",
        "webhook-signature": headersList["webhook-signature"] || "",
        "webhook-timestamp": headersList["webhook-timestamp"] || "",
    };
    try{
    const verifyres =  await webhook.verify(rawBody, webhookHeaders);
    console.log("verifyres", verifyres)```
amitrochates
28 Mar, 2025, 05:24

appwrite code code 2

TypeScript
  try {
    let params = req.body || {};
    log(typeof params)
    log("params",params )
    const rawBody = params.toString('utf8');
    log("rawBody",rawBody)
    log(typeof rawBody)
    const headersList = req.headers;
    let webhookHeaders = {
        "webhook-id": headersList["webhook-id"] || "",
        "webhook-signature": headersList["webhook-signature"] || "",
        "webhook-timestamp": headersList["webhook-timestamp"] || "",
    };
    log("webHookHeaders", webhookHeaders)
    log(typeof webhookHeaders)
    try{
    const verifyres =  await webhook.verify(params, webhookHeaders);
    log("verifyres", verifyres)```
amitrochates
28 Mar, 2025, 05:25

code pasted in comments bcs post limit reached 😅

Reply

Reply to this thread by joining our Discord

Reply on Discord

Recommended threads

Need support?

Join our Discord

Get community support by joining our Discord server.

Join Discord

Get premium support

Join Appwrite Pro and get email support from our team.

Learn more