Verifying incoming requests

The Authsignal Server SDK can be used to parse and verify incoming webhook events.
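
```javascript
import { Authsignal } from "@authsignal/node";

const authsignal = new Authsignal({ apiSecretKey: "YOUR_SERVER_API_SECRET_KEY" });

// Obtain raw request body and signature header
// For example using Express (https://expressjs.com/)
// req.body must be the raw, unparsed body, not the output of a JSON body parser
const payload = req.body;
// Node.js lowercases incoming header names, so look the header up in lowercase
const sig = req.headers["x-signature-v2"];

const event = authsignal.webhook.constructEvent(payload, sig);
```
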
The Authsignal SDK requires the raw body of the request to verify the signature. If you’re using a framework, make sure it doesn’t manipulate the raw body, as this will cause the signature verification to fail.

To protect against replay attacks, the SDK will error if more than 5 minutes have elapsed since the time that the event was sent. This threshold can be customized by passing a tolerance value: the time (in minutes) after which requests should be rejected.
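
```javascript
const payload = req.body;
// Node.js lowercases incoming header names
const sig = req.headers["x-signature-v2"];
// Reject events sent more than 10 minutes ago
const tolerance = 10;

const event = authsignal.webhook.constructEvent(payload, sig, tolerance);
```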
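
The two behaviours described above (the signature covers the raw body, and events older than the tolerance are rejected), shown as an added example that is not Authsignal's SDK code: a generic timestamped HMAC-SHA256 verifier. The `t=...,v2=...` header layout, the function names, and the sample secret and body are assumptions constructed for illustration.

```javascript
const crypto = require("node:crypto");

// Assumed scheme: base64 HMAC-SHA256 over "<timestamp>.<raw body bytes>".
function sign(secret, timestamp, rawBody) {
  return crypto.createHmac("sha256", secret)
    .update(`${timestamp}.`).update(rawBody).digest("base64");
}

// Returns "ok", "malformed", "bad signature" or "stale".
function verifyWebhook(secret, rawBody, header, toleranceMinutes = 5, nowMs = Date.now()) {
  const fields = {};
  for (const part of String(header || "").split(",")) {
    const i = part.indexOf("="); // split on the first "=" only (base64 padding)
    if (i > 0) fields[part.slice(0, i)] = part.slice(i + 1);
  }
  const timestamp = Number(fields.t);
  if (!Number.isInteger(timestamp) || !fields.v2) return "malformed";

  // Recompute the MAC over the exact bytes received and compare in constant time.
  const expected = Buffer.from(sign(secret, fields.t, rawBody));
  const received = Buffer.from(fields.v2);
  if (expected.length !== received.length ||
      !crypto.timingSafeEqual(expected, received)) return "bad signature";

  // The timestamp is now authenticated, so it can bound the replay window.
  const elapsedSeconds = nowMs / 1000 - timestamp;
  return elapsedSeconds > toleranceMinutes * 60 ? "stale" : "ok";
}

function demo() {
  const secret = "constructed-test-secret";             // constructed sample
  const rawBody = '{"type": "example.event",  "id": 1}'; // constructed sample
  const sentAt = 1700000000;                            // unix seconds
  const header = `t=${sentAt},v2=${sign(secret, sentAt, rawBody)}`;
  // What a JSON body parser hands back after re-serialising: same data, new bytes.
  const reserialized = JSON.stringify(JSON.parse(rawBody));
  const oneMinuteLater = (sentAt + 60) * 1000;
  const sixMinutesLater = (sentAt + 6 * 60) * 1000;
  return {
    fresh: verifyWebhook(secret, rawBody, header, 5, oneMinuteLater),
    reserialized: verifyWebhook(secret, reserialized, header, 5, oneMinuteLater),
    replayed: verifyWebhook(secret, rawBody, header, 5, sixMinutesLater),
    widened: verifyWebhook(secret, rawBody, header, 10, sixMinutesLater),
  };
}
```

The `reserialized` case fails even though the JSON is semantically identical, which is why the handler has to see the bytes exactly as they arrived.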