@discue/paddle-webhook-validator
v1.6.0
Published
Middleware for validation of Paddle Billing and Paddle Classic webhooks
Downloads
91
Maintainers
Readme
paddle-webhook-validator
NodeJS middleware for validation of Paddle.com Webhooks.
This module supports validating hook so Paddle Billing and the legacy Paddle Classic.
Installation
npm install @discue/paddle-webhook-validator
Usage
The validator can be used like any old ExpressJS middleware. The example below show usage of the validator in conjunction with ExpressJS Router which is optional.
The library as a whole can be used with CommonJS and ES6.
Paddle Billing
import factory from '@discue/paddle-webhook-validator/billing'
import express from 'express'
const router = express.Router()
const middleware = factory({ signatureValidation: { secretKey: process.env.PADDLE_HOOK_SECRET_KEY } })
router.use(middleware)
router.use((req, res) => {
// handle actual payload here
})
export default router
Paddle Classic (Legacy)
import paddleWebhookValidator from '@discue/paddle-webhook-validator'
import express from 'express'
import sendError from '../http/http-errors.js'
const router = express.Router()
router.use(paddleWebhookValidator({
publicKeyFilePath: './pk.txt',
allowedHttpHosts: ['paddle.com'],
allowedHttpsHosts: ['paddle.com']
}))
router.use((_err, _req, res, _next) => {
sendError.badRequest(res, {
request: 'Must contain valid payload and signature.'
})
})
router.use((req,res) => {
// handle actual payload here
})
export default router
Parameters
publicKeyText
: The public key that will be used to verify the signature of a webhook. You can find this public key in your Paddle Dashboard under Developer Tools > Public Key. The library expects a PEM encoded string.publicKeyFilePath
: The public key file that will be read and used to verify the signature of a webhook. You can find this public key in your Paddle Dashboard under Developer Tools > Public Key. The library expects a PEM encoded string.allowedHttpHosts
: limits domains that can be used in urls like update_url. Most likely you can stick with the default, which ispaddle.com
.allowedHttpHosts
: limits domains that can be used in urls like update_url. Most likely you can stick with the default, which ispaddle.com
.
Run Tests
To run tests, run the following command
npm run test