A very small, standalone express application, to take inspiration from when constructing your own HMAC signatures for verification when receiving webhooks.
This app constructs a HMAC SHA 256 using a shared secret between your system and the upstream service you're subscribing to, and expects the upstream signature to be set in the headers.
Please be aware that some special characters are encoded automatically when parsing the body, which will generate inaccurate signatures. It's important to construct the signature using the raw body when comparing your generated signature against the one the request is signed with. This is done in the validateSignature middleware.
You can use something like ngrok to be able to receive traffic from the Internet, just remember to turn the tunnel off when you're done debugging.
npm i
node app.js
npm run test