Function isValidWebhookSignature

isValidWebhookSignature(params: IsValidWebhookSignatureParams): boolean

Verifies the HMAC signature extracted from the "fpjs-event-signature" header of the incoming request. This is a part of the webhook signing process, which is available only for enterprise customers. If you wish to enable it, please contact our support: https://fingerprint.com/support

Parameters

params: IsValidWebhookSignatureParams
- data: Buffer
  The raw data of the incoming request
- header: string
  The value of the "fpjs-event-signature" header.
- secret: string
  The secret key used to sign the request.

Returns boolean

true if the signature is valid, false otherwise.

Example

// Webhook endpoint handler
export async function POST(request: Request) {
  try {
    const secret = process.env.WEBHOOK_SIGNATURE_SECRET;
    const header = request.headers.get("fpjs-event-signature");
    const data = Buffer.from(await request.arrayBuffer());

    if (!isValidWebhookSignature({ header, data, secret })) {
      return Response.json(
        { message: "Webhook signature is invalid." },
        { status: 403 },
      );
    }

    return Response.json({ message: "Webhook received." });
  } catch (error) {
    return Response.json({ error }, { status: 500 });
  }
}

Function isValidWebhookSignature

Parameters

data: Buffer

header: string

secret: string

Returns boolean

Example

Settings