NodeJS middleware for validation of Paddle.com Webhooks.
This module supports validating hook so Paddle Billing and the legacy Paddle Classic.
npm install @discue/paddle-webhook-validatorThe validator can be used like any old ExpressJS middleware. The example below show usage of the validator in conjunction with ExpressJS Router which is optional.
The library as a whole can be used with CommonJS and ES6.
import factory from '@discue/paddle-webhook-validator/billing'
import express from 'express'
const router = express.Router()
const middleware = factory({ signatureValidation: { secretKey: process.env.PADDLE_HOOK_SECRET_KEY } })
router.use(middleware)
router.use((req, res) => {
// handle actual payload here
})
export default routerimport paddleWebhookValidator from '@discue/paddle-webhook-validator'
import express from 'express'
import sendError from '../http/http-errors.js'
const router = express.Router()
router.use(paddleWebhookValidator({
publicKeyFilePath: './pk.txt',
allowedHttpHosts: ['paddle.com'],
allowedHttpsHosts: ['paddle.com']
}))
router.use((_err, _req, res, _next) => {
sendError.badRequest(res, {
request: 'Must contain valid payload and signature.'
})
})
router.use((req,res) => {
// handle actual payload here
})
export default routerpublicKeyText: The public key that will be used to verify the signature of a webhook. You can find this public key in your Paddle Dashboard under Developer Tools > Public Key. The library expects a PEM encoded string.publicKeyFilePath: The public key file that will be read and used to verify the signature of a webhook. You can find this public key in your Paddle Dashboard under Developer Tools > Public Key. The library expects a PEM encoded string.allowedHttpHosts: limits domains that can be used in urls like update_url. Most likely you can stick with the default, which ispaddle.com.allowedHttpHosts: limits domains that can be used in urls like update_url. Most likely you can stick with the default, which ispaddle.com.
To run tests, run the following command
npm run test