@radzor/webhook-receiver
Secure webhook receiver with HMAC signature verification, replay protection, and event routing. Validates payloads from Stripe, GitHub, Shopify, and custom sources.
Networking · v0.1.0 · typescript · python · Server · webhook · hmac · signature · security · api · events · by Radzor
Install
$ npx radzor@latest add webhook-receiver
⚠ Constraints: Must receive raw request body (not parsed JSON). Configure your framework to preserve the raw body for signature verification.
Inputs
| Name | Type | Default | Description |
|---|---|---|---|
| secret* | string | — | Shared secret for HMAC signature verification. WEBHOOK_SECRET |
| algorithm | 'sha256' \| 'sha1' \| 'sha512' | sha256 | Hash algorithm for signature verification. |
| signatureHeader | string | x-signature-256 | HTTP header containing the signature. |
| tolerance | number | 300 | Maximum age in seconds for replay protection (0 to disable). |
| timestampHeader | string | — | HTTP header containing the event timestamp. |
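
Why the raw-body constraint and the tolerance window matter, shown as an added example that is not this component's code or API. The `sign`/`verify` helpers, the secret and the payload are constructed here, and signing `<timestamp>.<raw body>` is an assumed scheme, since the page does not say how the timestamp is bound to the signature.

```python
import hashlib
import hmac
import json

SECRET = b"constructed-test-secret"   # constructed; stands in for WEBHOOK_SECRET
TOLERANCE = 300                        # seconds, the table's default
ALGORITHMS = {"sha256", "sha1", "sha512"}


def sign(raw_body: bytes, timestamp: str, algorithm: str = "sha256") -> str:
    """Sender side. Assumed scheme: HMAC over b"<timestamp>.<raw body>"."""
    if algorithm not in ALGORITHMS:
        raise ValueError(f"unsupported algorithm: {algorithm}")
    message = timestamp.encode() + b"." + raw_body
    return hmac.new(SECRET, message, getattr(hashlib, algorithm)).hexdigest()


def verify(raw_body: bytes, signature: str, timestamp: str, now: float,
           algorithm: str = "sha256") -> str:
    """Receiver side. Returns "ok", "stale" or "bad_signature"."""
    expected = sign(raw_body, timestamp, algorithm)
    # Constant-time compare, and authenticate before trusting the timestamp.
    if not hmac.compare_digest(expected.encode(), signature.encode()):
        return "bad_signature"
    try:
        age = abs(now - int(timestamp))
    except ValueError:
        return "stale"
    if TOLERANCE and age > TOLERANCE:
        return "stale"
    return "ok"


def demo() -> dict:
    # Constructed payload; the double space is what a JSON round trip loses.
    raw = b'{"id": "evt_1",  "amount": 10.0}'
    ts, sent_at = "1700000000", 1700000000
    sig = sign(raw, ts)
    reparsed = json.dumps(json.loads(raw)).encode()  # body after a JSON parser
    return {
        "raw_body": verify(raw, sig, ts, now=sent_at + 100),
        "reparsed_body": verify(reparsed, sig, ts, now=sent_at + 100),
        "replayed_late": verify(raw, sig, ts, now=sent_at + 301),
        "timestamp_rewritten": verify(raw, sig, "1700000301", now=sent_at + 301),
    }


if __name__ == "__main__":
    print(demo())
```

The last case only fails because the timestamp is inside the signed message; a timestamp header that is not covered by the HMAC can be rewritten to defeat the tolerance check.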
secret*