webhooks-methods.js
Methods to handle GitHub Webhook requests
Table of contents
usage
Browsers
|
🚧 @octokit/webhooks-methods is not meant to be used in browsers. The webhook secret is a sensitive credential that must not be exposed to users.
Load @octokit/webhooks-methods directly from cdn.skypack.dev
<script type="module">
import {
sign,
verify,
} from "https://cdn.skypack.dev/@octokit/webhooks-methods";
</script>
|
---|
Node
|
Install with npm install @octokit/core @octokit/webhooks-methods
const { sign, verify } = require("@octokit/webhooks-methods");
|
---|
await sign("mysecret", eventPayloadString);
await sign({ secret: "mysecret", algorithm: "sha1" }, eventPayloadString);
await verify("mysecret", eventPayloadString, "sha256=486d27...");
Methods
sign()
await sign(secret, eventPayloadString);
await sign({ secret, algorithm }, eventPayloadString);
secret
(String)
|
Required.
Secret as configured in GitHub Settings.
|
algorithm
(String)
|
Algorithm to calculate signature. Can be set to sha1 or sha256 . sha1 is supported for legacy reasons. GitHub Enterprise Server 2.22 and older do not send the X-Hub-Signature-256 header. Defaults to sha256 .
Learn more at Validating payloads from GitHub
|
eventPayloadString
(String)
|
Required.
Webhook request payload as received from GitHub.
If you have only access to an already parsed object, stringify it with JSON.stringify(payload, null, 2) + '\n'
|
Resolves with a signature
string. Throws an error if an argument is missing.
verify()
await verify(secret, eventPayloadString, signature);
secret
(String)
|
Required.
Secret as configured in GitHub Settings.
|
eventPayloadString
(String)
|
Required.
Webhook request payload as received from GitHub.
If you have only access to an already parsed object, stringify it with JSON.stringify(payload, null, 2) + '\n'
|
signature
(String)
|
Required.
Signature string as calculated by sign() .
|
Resolves with true
or false
. Throws error if an argument is missing.
Contributing
See CONTRIBUTING.md
License
MIT