Here's how you validate a mailgun webhook in Node.js (as per the mailgun docs for securing webhooks)
'use strict';
var scmp = require('scmp')
, crypto = require('crypto')
. mailgunPrivateKey = 'XXXXXXXXXXXXX'
, mailgunTokens = {}
, mailgunExpirey = 15 * 60 * 1000