A simple Next.js application for debugging webhook signatures. This tool verifies HMAC SHA-256 signatures on webhook payloads and displays the results.
- Verify webhook signatures using HMAC SHA-256
- Display request details and validation results
- Simple web interface for testing
- API endpoint for integration with external tools
- Node.js (version 16 or later recommended)
- npm
-
Clone the repository
git clone https://github.com/yourusername/webhook-signature-verifier.git cd webhook-signature-verifier -
Install dependencies
npm install
-
Start the development server
npm run dev
-
Open http://localhost:3000 in your browser
The web interface allows you to:
- Enter a JSON payload
- Send a test webhook to the API endpoint
- View the response and validation results
You can send webhooks directly to the API endpoint:
curl -X POST \
http://localhost:3000/api/webhook \
-H 'Content-Type: application/json' \
-H 'X-Signature: [your-signature-here]' \
-d '{"event":"test","data":{"id":123}}'To create a valid signature, compute an HMAC with SHA-256 using the shared secret:
const crypto = require('crypto');
const payload = JSON.stringify({event: "test", data: {id: 123}});
const hmac = crypto.createHmac('sha256', 'sharedSecretHere');
hmac.update(payload);
const signature = hmac.digest('hex');
console.log(signature);You can modify the configuration in lib/constants.js:
SHARED_SECRET: The secret key used for HMAC calculationSIGNATURE_HEADER_NAME: The header name used for the signature
npm test