DocsSecuring your Webhook

Webhook Security

Ensure your app stays secure by verifying webhook requests. Follow the steps below to check if a webhook request is genuinely from us.

Verification Methods

1. Use the SDK

Quickly verify webhooks using our SDK:

import { constructEvent } from "next-cron-node";
 
const event = constructEvent(requestBody, signature, webhookSecret);

2. Manual Verification

If we don’t support your framework yet, you can manually verify the webhook.

Step 1: Gather Required Data

  • Request Body: Use the raw, unmodified data.
  • Signature: Retrieve this from the x-signature header.
  • Webhook Secret: Found in your Next Cron account.

Step 2: Create an Expected Signature

Generate the correct signature using TypeScript:

import { createHmac } from "crypto";
 
const expectedSignature = createHmac("sha256", webhookSecret)
  .update(requestBody)
  .digest("hex");

Step 3: Compare Signatures

Check that your generated signature matches the one from the request header. If they match, the request is verified.

Troubleshooting

If you experience any issues or need help, contact us at [email protected].

CronLocal Development