absolutepay (Node SDK) - v0.7.1
    Preparing search index...

    Function constructEvent

    • Verify a callback's signature and return the parsed, typed event — the safe way to consume a webhook.

      Recomputes the HMAC over the raw body and rejects the delivery on a bad signature or a timestamp outside the freshness window. Give it the RAW (unparsed) body string — parsing and re-serializing JSON changes bytes and breaks the signature.

      Type Parameters

      Parameters

      • rawBody: string

        The exact raw HTTP request body as a string.

      • headers: Record<string, string | string[] | undefined>

        The inbound request headers (case-insensitive lookup; array values take the first).

      • secret: string

        Your app's callback signing secret (whsec_…).

      • opts: ConstructEventOpts = {}

        Optional ConstructEventOpts (e.g. { toleranceMs: 0 } to skip freshness).

      Returns WebhookEvent<T>

      The verified, JSON-parsed WebhookEvent.

      If the signature is invalid or the timestamp is outside tolerance.

      app.post("/webhooks", (req, res) => {
      let event;
      try {
      event = constructEvent(req.rawBody, req.headers, process.env.WEBHOOK_SECRET!);
      } catch {
      return res.status(400).send("bad signature");
      }
      if (event.type === "payment.succeeded") { /* fulfill order */ }
      res.sendStatus(200);
      });