Light Logo
JavaScript SDK (v0.36.0)Reference

verifyWebhook

Verify webhook signature.

Function: verifyWebhook()

verifyWebhook(payload, signature, secret, tolerance, scheme, keyCacheSize): Promise<void>

Verify webhook signature.

Parameters

payload

Uint8Array

Raw webhook request body.

signature

string

The signature to verify.

secret

string

The webhook secret.

tolerance

number = 300

Maximum allowed age of the timestamp in seconds. Defaults to 300.

scheme

string = 'v1'

Key for signatures in the signature. Defaults to "v1".

keyCacheSize

number = 50

Maximum number of HMAC keys to keep in the module-scoped cache. When exceeded, the oldest cached key is evicted. This is a performance optimization only. Defaults to 50. Set to 0 or a negative value to disable caching.

Returns

Promise<void>

Throws

Error thrown when the timestamp is missing from the signature.

Throws

Error thrown when signatures are missing from the signature.

Throws

Error thrown when the computed signature does not match signatures.

Throws

Error thrown when the timestamp is outside the tolerance window.

UserWithDetails

Represents a user with details.

WaitOptions

Options for customizing wait behaviour.