Last active
December 6, 2020 16:33
-
-
Save thiwanka-wickramage/2e54a5f12fbbe7bd2fbe51e3fd8a25c0 to your computer and use it in GitHub Desktop.
This is a simple implementation for verify DocuSign Connect API with HMAC validation.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
const verifyWebhook = async event => { | |
const keys = []; | |
keys.push(event.headers['X-DocuSign-Signature-1']); | |
keys.push(event.headers['X-DocuSign-Signature-2']); | |
const crypto = require('crypto'); | |
const hmac = crypto.createHmac('sha256', DOCUSIGN_SECRET_KEY); | |
hmac.write(event.body); | |
hmac.end(); | |
const computedKey = hmac.read().toString('base64'); | |
if (!keys.includes(computedKey)) { | |
console.log('webhook signature is not valid.'); | |
throw new Error('webhook authentication failed.'); | |
} | |
}; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment