deed - npm Package Compare versions

Comparing version 0.0.6 to 0.0.7


package.json
{
"name": "deed",
"version": "0.0.6",
"version": "0.0.7",
"description": "verify x-hub-signature",

@@ -5,0 +5,0 @@ "main": "index.js",

# deed - verify x-hub-signature
The Deed [Node.js](http://nodejs.org/) module verifies [X-Hub-Signature](http://pubsubhubbub.googlecode.com/git/pubsubhubbub-core-0.3.html#authednotify) headers which can be used to authorize `HTTP` requests like [GitHub webhooks](https://developer.github.com/v3/repos/hooks/) for example.
The Deed [Node.js](http://nodejs.org/) module verifies `X-Hub-Signature` headers which are a simple way to verify HTTP POST requests. For example, this can be used to authorize requests to callback URLs, say, from [GitHub webhooks](https://developer.github.com/v3/repos/hooks/) or the [Facebook API](https://developers.facebook.com/docs/graph-api/real-time-updates/v2.0).

@@ -25,3 +25,3 @@ [![Build Status](https://secure.travis-ci.org/michaelnisi/deed.svg)](http://travis-ci.org/michaelnisi/deed) [![David DM](https://david-dm.org/michaelnisi/deed.svg)](http://david-dm.org/michaelnisi/deed)

The callback receives an error if verification failed otherwise the authorized request is passed.
The callback receives an error, if verification failed, otherwise `null` and the authorized request are passed.
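Review bot: The commas around "if verification failed" in the new sentence make it hard to tell which clause the condition belongs to. Suggest "The callback receives an error if verification failed; otherwise `null` and the authorized request are passed." It would also help to name the two callback arguments here so the sentence lines up with the `er` entry in the parameter list further down.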

@@ -41,2 +41,8 @@ - `er` The error if an error occured or verification failed.

The client must generate an HMAC signature of the payload and include that signature in the request headers. The `X-Hub-Signature` header's value must be `sha1=signature` where signature is a hexadecimal representation of a SHA1 signature. The signature must be computed using the HMAC algorithm with the request body as the data and the secret as the key.
Deed recomputes the SHA1 signature with the shared secret using the same method as the client. If the signature does not match, the request cannot be verified and should probably be dropped.
Originally this technique has been decribed in the [PubSubHubbub](http://pubsubhubbub.googlecode.com/git/pubsubhubbub-core-0.3.html#authednotify) spec.
## Installation
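Review bot: "should probably be dropped" in the added paragraph is too soft for an authentication check; say that a request whose signature does not match must be rejected. The paragraph also leaves two things undocumented that a user needs to know: whether "the request body as the data" means the raw bytes as received rather than a parsed and re-serialized body, and whether Deed compares the recomputed and received signatures in constant time. "SHA1 signature" would be more precise as "HMAC-SHA1 digest", and "decribed" should be "described".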

@@ -43,0 +49,0 @@
