@robinpath/webhook
0.1.0PublicSend and verify webhooks with HMAC signatures for RobinPath
@robinpath/webhook
Send webhooks with HMAC signatures, verify incoming webhook payloads, and prevent replay attacks
Why use this module?
The webhook module lets you:
- Send a webhook POST request with optional HMAC signature
- Create an HMAC signature for a webhook payload
- Verify a webhook HMAC signature using timing-safe comparison
- Verify a webhook timestamp is within acceptable tolerance to prevent replay attacks
- Parse a raw webhook body based on content type
All functions are callable directly from RobinPath scripts with a simple, consistent API.
Installation
npm install @robinpath/webhook
Quick Start
No credentials needed — start using it right away:
webhook.sign $payload "whsec_abc"
Available Functions
| Function | Description |
|---|---|
webhook.send | Send a webhook POST request with optional HMAC signature |
webhook.sign | Create an HMAC signature for a webhook payload |
webhook.verify | Verify a webhook HMAC signature using timing-safe comparison |
webhook.verifyTimestamp | Verify a webhook timestamp is within acceptable tolerance to prevent replay attacks |
webhook.parsePayload | Parse a raw webhook body based on content type |
webhook.buildPayload | Build a standardized webhook payload with event name, data, timestamp, and ID |
webhook.headers | Build webhook headers including signature and timestamp |
webhook.isValidUrl | Check if a string is a valid HTTP/HTTPS webhook URL |
Examples
Create an HMAC signature for a webhook payload
webhook.sign $payload "whsec_abc"
Verify a webhook HMAC signature using timing-safe comparison
webhook.verify $body "whsec_abc" $signatureHeader
Verify a webhook timestamp is within acceptable tolerance to prevent replay attacks
webhook.verifyTimestamp $timestamp 60000
Integration with RobinPath
import { RobinPath } from "@wiredwp/robinpath";
import Module from "@robinpath/webhook";
const rp = new RobinPath();
rp.registerModule(Module.name, Module.functions);
rp.registerModuleMeta(Module.name, Module.functionMetadata);
const result = await rp.executeScript(`
webhook.sign $payload "whsec_abc"
`);
Full API Reference
See MODULE.md for complete documentation including all parameters, return types, error handling, and advanced examples.
Related Modules
@robinpath/json— JSON module for complementary functionality
License
MIT
Versions (1)
| Version | Tag | Published |
|---|---|---|
| 0.1.0 | latest | yesterday |
Related Modules
@robinpath/api
HTTP client for making requests to external APIs with profiles, auth, download/upload, and auto-JSON parsing
@robinpath/auth
API authentication helpers (Basic, Bearer, API key, HMAC) for RobinPath
@robinpath/browser
Headless browser automation with Puppeteer: launch browsers, navigate pages, interact with elements, take screenshots, generate PDFs, and scrape data
@robinpath/cookie
HTTP cookie parsing, serialization, signing/verification, Set-Cookie handling, and cookie jar management
$ robinpath install @robinpath/webhook