Methods to handle GitHub Webhook requests
Browsers |
🚧 Load <script type="module">
import {
sign,
verify,
} from "https://cdn.skypack.dev/@octokit/webhooks-methods";
</script> |
---|---|
Node |
Install with const { sign, verify } = require("@octokit/webhooks-methods"); |
await sign("mysecret", eventPayloadString);
// resolves with a string like "sha256=4864d2759938a15468b5df9ade20bf161da9b4f737ea61794142f3484236bda3"
await sign({ secret: "mysecret", algorithm: "sha1" }, eventPayloadString);
// resolves with a string like "sha1=d03207e4b030cf234e3447bac4d93add4c6643d8"
await verify("mysecret", eventPayloadString, "sha256=486d27...");
// resolves with true or false
await sign(secret, eventPayloadString);
await sign({ secret, algorithm }, eventPayloadString);
secret
(String)
|
Required. Secret as configured in GitHub Settings. |
algorithm
(String)
|
Algorithm to calculate signature. Can be set to Learn more at Validating payloads from GitHub |
eventPayloadString
(String)
|
Required.
Webhook request payload as received from GitHub. If you have only access to an already parsed object, stringify it with JSON.stringify(payload, null, 2) + '\n'
|
Resolves with a signature
string. Throws an error if an argument is missing.
await verify(secret, eventPayloadString, signature);
secret
(String)
|
Required. Secret as configured in GitHub Settings. |
eventPayloadString
(String)
|
Required.
Webhook request payload as received from GitHub. If you have only access to an already parsed object, stringify it with JSON.stringify(payload, null, 2) + '\n'
|
signature
(String)
|
Required.
Signature string as calculated by sign() .
|
Resolves with true
or false
. Throws error if an argument is missing.
See CONTRIBUTING.md