verifyWebhook
Verify webhook signature.
Function: verifyWebhook()
verifyWebhook(
payload,signature,secret,tolerance,scheme,keyCacheSize):Promise<void>
Verify webhook signature.
Parameters
payload
Uint8Array
Raw webhook request body.
signature
string
The signature to verify.
secret
string
The webhook secret.
tolerance
number = 300
Maximum allowed age of the timestamp in seconds. Defaults to 300.
scheme
string = 'v1'
Key for signatures in the signature. Defaults to "v1".
keyCacheSize
number = 50
Maximum number of HMAC keys to keep in the module-scoped cache. When exceeded, the oldest cached key is evicted. This is a performance optimization only. Defaults to 50. Set to 0 or a negative value to disable caching.
Returns
Promise<void>
Throws
Error thrown when the timestamp is missing from the signature.
Throws
Error thrown when a signature matching the scheme is missing.
Throws
Error thrown when the signature does not match the expected one.
Throws
Error thrown when the timestamp is outside the tolerance window.