true if the signature is valid, false otherwise.
// Webhook endpoint handler
export async function POST(request: Request) {
try {
const secret = process.env.WEBHOOK_SIGNATURE_SECRET;
const header = request.headers.get("fpjs-event-signature");
const data = Buffer.from(await request.arrayBuffer());
if (!isValidWebhookSignature({ header, data, secret })) {
return Response.json(
{ message: "Webhook signature is invalid." },
{ status: 403 },
);
}
return Response.json({ message: "Webhook received." });
} catch (error) {
return Response.json({ error }, { status: 500 });
}
}
Verifies the HMAC signature extracted from the "fpjs-event-signature" header of the incoming request. This is a part of the webhook signing process, which is available only for enterprise customers. If you wish to enable it, please contact our support: https://fingerprint.com/support