verifyRequestSignature()

const caldotcom = client.defineHttpEndpoint({
  id: "cal.com",
  source: "cal.com",
  icon: "caldotcom",
  verify: async (request) => {
    //this is a useful helper function that can verify sha256 signatures
    //each API has a different header name
    return await verifyRequestSignature({
      request,
      //you can find the header name in the API's documentation
      headerName: "X-Cal-Signature-256",
      //you can find the secret in the Trigger.dev dashboard, on the HTTP endpoint page
      secret: process.env.CALDOTCOM_SECRET!,
      algorithm: "sha256",
    });
  },
});

const caldotcom = client.defineHttpEndpoint({
  id: "cal.com",
  source: "cal.com",
  icon: "caldotcom",
  verify: async (request) => {
    //this is a useful helper function that can verify sha256 signatures
    //each API has a different header name
    return await verifyRequestSignature({
      request,
      //you can find the header name in the API's documentation
      headerName: "X-Cal-Signature-256",
      //you can find the secret in the Trigger.dev dashboard, on the HTTP endpoint page
      secret: process.env.CALDOTCOM_SECRET!,
      algorithm: "sha256",
    });
  },
});

Most webhooks come with a signature in the request header. This signature is used to verify that the request is coming from the expected source. To verify you typically need to take the body of the payload, hash it and compare it with the signature in the header. You use a secret when you hash the payload to make sure that the payload hasn’t been tampered with. When using HttpEndpoint you are required to verify the payload. verifyRequestSignature() is a helper function that makes this easy for the majority of webhooks.

const caldotcom = client.defineHttpEndpoint({
  id: "cal.com",
  source: "cal.com",
  icon: "caldotcom",
  verify: async (request) => {
    //this is a useful helper function that can verify sha256 signatures
    //each API has a different header name
    return await verifyRequestSignature({
      request,
      //you can find the header name in the API's documentation
      headerName: "X-Cal-Signature-256",
      //you can find the secret in the Trigger.dev dashboard, on the HTTP endpoint page
      secret: process.env.CALDOTCOM_SECRET!,
      algorithm: "sha256",
    });
  },
});

Parameters

options

required

Hide options

request

Request

required

The web request that you want to verify.

headerName

string

required

The name of the header that contains the signature. E.g. X-Cal-Signature-256.

headerEncoding

BinaryToTextEncoding

The header encoding. Defaults to hex.

secret

string

required

The secret that you use to hash the payload. For HttpEndpoints this will usually originally come from the Trigger.dev dashboard and should be stored in an environment variable.

algorithm

sha256

required

The hashing algorithm that was used to create the signature. Currently only sha256 is supported.

Returns

VerifyResult

required

Hide child attributes

success

boolean

required

Whether the signature is valid or not

reason

string

If success is false then you can provide the reason it failed. This is dealt with for you by the verifyRequestSignature() function.

redactString Create an event

⌘I

SDK

HTTP Reference

React SDK

verifyRequestSignature()

Parameters

Returns

SDK

HTTP Reference

React SDK

​Parameters

​Returns

Parameters

Returns