Wondering what’s next for npm?Check out our public roadmap! »

    verify-paddle-webhook
    TypeScript icon, indicating that this package has built-in type declarations

    1.1.0 • Public • Published

    Verify your Paddle.com Webhooks

    Travis (.com) npm GitHub

    Secure your webhooks with ease by validating whether they were really sent by Paddle.com.

    Important: You will need your public key from your Paddle account. Find your public key.

    Install

    $ npm install verify-paddle-webhook
    

    API

    This package consists of one easy-to-use function - verifyPaddleWebhook - that checks the p_signature of your paddle webhook payloads against the public key of your account:

    function verifyPaddleWebhook(publicKey, webhookData)

    Arguments:

    • publicKey <string> This string is your account's public key.
    • webhookData <object> This is your webhook payload, it should be a Javascript object and it should include the p_signature property as sent by Paddle.

    Basic Usage

    const {verifyPaddleWebhook} = require('verify-paddle-webhook');
    
    const PUBLIC_KEY =
    `-----BEGIN PUBLIC KEY-----
    Your public key here
    -----END PUBLIC KEY-----`;
    
    function isValid(paddleWebhookData) {
        return verifyPaddleWebhook(PUBLIC_KEY, paddleWebhookData);
    }

    Examples

    Example: Express.js

    const express = require('express');
    const {verifyPaddleWebhook} = require('verify-paddle-webhook');
    
    const PUBLIC_KEY =
    `-----BEGIN PUBLIC KEY-----
    Your public key here
    -----END PUBLIC KEY-----`;
    
    const app = express();
    app.use(express.urlencoded());
    
    app.post('/webhook', function(req, res) {
        if (verifyPaddleWebhook(PUBLIC_KEY, req.body)) {
            console.log('Webhook is valid!');
            // process the webhook
        }
        res.sendStatus(200);
    });
    
    app.listen(80);

    Example: Using Node.js to parse the request body:

    Paddle actually sends the payload in the body of a POST request formatted as a URL-encoded query string:

    alert_id=1234567890&balance_currency=USD&balance_earnings=321.12&balance_fee=666.33 ...etc...
    

    Many high-level frameworks will convert that into a JS object for use with verifyPaddleWebhook but if you need to convert it manually then you can use the Node.js querystring module to parse the body:

    const querystring = require('querystring');
    const {verifyPaddleWebhook} = require('verify-paddle-webhook');
    
    const PUBLIC_KEY =
    `-----BEGIN PUBLIC KEY-----
    Your public key here
    -----END PUBLIC KEY-----`;
    
    function process(body) {
        const webhookData = querystring.parse(body);
        if (verifyPaddleWebhook(PUBLIC_KEY, webhookData)) {
            console.log('Webhook is valid!');
            // process the webhook
        }
    }

    Example: AWS Lambda function / Netlify function (Node.js)

    This example works for AWS Lambda and Netlify.

    Note: For AWS Lambda this assumes the Lambda function is invoked through AWS API Gateway using proxy integration (see tutorial).

    For more detail see the Node.js example.

    const querystring = require('querystring');
    const {verifyPaddleWebhook} = require('verify-paddle-webhook');
    
    const PUBLIC_KEY =
    `-----BEGIN PUBLIC KEY-----
    Your public key here
    -----END PUBLIC KEY-----`;
    
    exports.handler = async function(event, context) {
        const webhookData = querystring.parse(event.body);
        if (verifyPaddleWebhook(PUBLIC_KEY, webhookData)) {
            console.log('Webhook is valid!');
            // process the webhook
        }
    
        return {"statusCode": 200, "body": "OK"};
    }

    Install

    npm i verify-paddle-webhook

    DownloadsWeekly Downloads

    171

    Version

    1.1.0

    License

    MIT

    Unpacked Size

    14.5 kB

    Total Files

    7

    Last publish

    Collaborators

    • avatar