Skip to content

Instantly share code, notes, and snippets.

Last active Jan 24, 2018
What would you like to do?
Verify simple implementation to verify a GitHub webhook payload in TypeScript using NodeJs and Restify
import * as Restify from "restify"
import * as Crypto from "crypto"
type GithubWebRepository = {
id: number
name: string
full_name: string
private: boolean
git_url: string
ssh_url: string
type GitHubWebhookPayload = {
ref: string
repository: GithubWebRepository
// Webhook secret
const WEBHOOK_SECRET = "1234secret"
// Configure the server
const server = Restify.createServer();
server.use(Restify.plugins.bodyParser())'/', (req, res, next) => {
let body: GitHubWebhookPayload = req.body
let signature = req.header('X-Hub-Signature')
let event = req.header('X-GitHub-Event')
// Verify the signature
let hmac = Crypto.createHmac("sha1", WEBHOOK_SECRET)
let calculatedSignature = "sha1=" + hmac.update(JSON.stringify(req.body)).digest("hex");
if (calculatedSignature !== signature) {
return res.send(401)
server.listen(80, function () {
console.log('%s listening at %s',, server.url);
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment