This app shows how easy it is to verify the signature of a webhook message coming from Moov using a serverless function. Read the docs for more information.
We're using Netlify to quickly deploy the serverless function. We'll use ngrok to create a public URL that can tunnel to your localhost. The only other dependency is crypto-js for creating a hash of the header values and the webhook signature.
- Install the following libraries through a package manager (e.g. Homebrew):
- yarn
- netlify-cli
- ngrok-cli
- To use
ngrokin the next steps, you'll need to signup.
- To use
- Clone the repo and install dependencies with
yarn. - After creating a webhook in the Moov Dashboard, copy the signing secret and assign the value to a
WEBHOOK_SECRETenvironment variable. If usingnetlify cliyou can use thenetlify env:set WEBHOOK_SECRET {value}command. - In netlify.toml, you can set
redirects.toto point to either thejavascriptorgofunction in functions. - Run
netlify devto start the server. - Run
ngrok http 8888to create a public URL attached to the port your server is running on. - Copy the public URL and paste it into the Moov Dashboard as you create a new webhook. It should look like
https://random-number.ngrok.io/webhook-handler. - Send a test ping through the Moov Dashboard to your webhook or take an action that generates an event. You should see the event message logged in your console where ngrok is logged responses or from the web interface at
http://localhost:4040.