Unified security and verification.

Every webhook sender has different security protocols – handshakes, signatures, and oddities. With Hookdeck, you only need to keep track of one.

You handle the data. We’ll handle the chaos.

Select from a list a platforms.

Twitter, Stripe, Shopify, and other commons providers.

Not on the list? Not a problem.

Hookdeck can sign any HMAC, basic auth, or API key.

Choose a source.

Attach the integration to a source provider and Hookdeck will vefify its requests on your behalf.

View Platforms in Dashboard
Less Code, Less Sprawl

Implement HMAC SHA256 once for all your endpoints.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
app.use(
 express.json({
   // Store the rawBody buffer on the request
   verify: (req, res, buf) => {
     req.rawBody = buf;
   },
 })
);

app.post('/webhook', async (req, res) => {
//Extract X-Hookdeck-Signature Header from the request
const hmacHeader = req.get('X-Hookdeck-Signature');  

//Create a hash based on the parsed body
const hash = crypto.createHmac('sha256', secret).update(req.rawBody).digest('base64');

// Compare the created hash with the value of the X-Hookdeck-Signature header
if (hash === hmacHeader) {
  console.log('Webhook is originating from Hookdeck');
  res.sendStatus(200);
} else {
  console.log('Signature is invalid, rejected');
  res.sendStatus(403);
}
});

Got a quirky webhook provider? We’ve seen it all.

Contact us, we can help.

Custom response required

The API wants a specific status returned upon delivery.

Timestamp validation

The API uses a timestamp for verification.

Handshakes & challenges

The API wants you to respond to a handshake before receiving webhooks.

Help me verify my webhooks

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Deploy reliable webhook integrations in minutes.