X-Hub-Signature is a compact way to validate webhooks from Facebook, GitHub, or any other source that uses this signature scheme.

Requires Node.js 16

The Express middleware that was included in this package in v1.x has been moved to a separate package. See x-hub-signature-middleware.

To install:

npm install x-hub-signature --save

Sign a buffer containing a request body:

import XHubSignature from 'x-hub-signature';
const x = new XHubSignature('sha1', 'my_little_secret');
const signature = x.sign(new Buffer('body-to-sign'));
// sha1=3dca279e731c97c38e3019a075dee9ebbd0a99f0

• algorithm (required) - sha1 or other desired signing algorithm
• secret (required) - signing secret that the webhook was signed with

Creates an XHubSignature instance.

• requestBody (required) - a string or Buffer containing the body of the request to sign

Returns a string containing the value expected in the X-Hub-Signature header.

• expectedSignature (required) - a string containing the X-Hub-Signature header value for an incoming request
• requestBody (required) - a string or Buffer containing the body of the incoming request

Returns true if the signature is valid, or false if it is invalid.

MIT License