@octokit/webhooks-methods
v5.1.0
Published
Methods to handle GitHub Webhook requests
Downloads
4,852,308
Readme
webhooks-methods.js
Methods to handle GitHub Webhook requests
usage
Browsers
🚧 @octokit/webhooks-methods
is not meant to be used in browsers. The webhook secret is a sensitive credential that must not be exposed to users.
Load @octokit/webhooks-methods
directly from esm.sh
<script type="module">
import {
sign,
verify,
verifyWithFallback,
} from "https://esm.sh/@octokit/webhooks-methods";
</script>
Node
Install with npm install @octokit/core @octokit/webhooks-methods
import { sign, verify, verifyWithFallback } from "@octokit/webhooks-methods";
await sign("mysecret", eventPayloadString);
// resolves with a string like "sha256=4864d2759938a15468b5df9ade20bf161da9b4f737ea61794142f3484236bda3"
await sign({ secret: "mysecret", algorithm: "sha1" }, eventPayloadString);
// resolves with a string like "sha1=d03207e4b030cf234e3447bac4d93add4c6643d8"
await verify("mysecret", eventPayloadString, "sha256=486d27...");
// resolves with true or false
await verifyWithFallback("mysecret", eventPayloadString, "sha256=486d27...", ["oldsecret", ...]);
// resolves with true or false
Methods
sign()
await sign(secret, eventPayloadString);
await sign({ secret, algorithm }, eventPayloadString);
Algorithm to calculate signature. Can be set to sha1
or sha256
. sha1
is supported for legacy reasons. GitHub Enterprise Server 2.22 and older do not send the X-Hub-Signature-256
header. Defaults to sha256
.
Learn more at Validating payloads from GitHub
Resolves with a signature
string. Throws an error if an argument is missing.
verify()
await verify(secret, eventPayloadString, signature);
Resolves with true
or false
. Throws error if an argument is missing.
verifyWithFallback()
await verifyWithFallback(
secret,
eventPayloadString,
signature,
additionalSecrets,
);
This is a thin wrapper around verify()
that is intended to ease callers' support for key rotation.
Resolves with true
or false
. Throws error if a required argument is missing.
Contributing
See CONTRIBUTING.md