Verify Payload Signing Example (Node.js)
Below is an example of verifying the signature, written in TypeScript using Node.js and the native Crypto library.
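```csharp
using System;
using System.Security.Cryptography;
using System.Text;

namespace Example.WebHooks.Payload
{
    public class Verifier
    {
        // Returns true when payloadSignature (base64) is a valid RSA PKCS#1 v1.5 / SHA-512
        // signature over the UTF-8 bytes of the raw payload.
        public bool VerifySignature(string payload, string payloadSignature, string publicKey)
        {
            using var rsa = RSA.Create();
            // The original listing called a ReadPemPublicKey helper that is not shown on this page;
            // RSA.ImportFromPem (.NET 5+) loads the PEM-encoded public key directly.
            rsa.ImportFromPem(publicKey);
            return rsa.VerifyData(
                Encoding.UTF8.GetBytes(payload),
                Convert.FromBase64String(payloadSignature),
                HashAlgorithmName.SHA512,
                RSASignaturePadding.Pkcs1);
        }
    }
}
```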
where:

- `payload` is the raw payload, which the system sent to the endpoint.
- `signature` is the `X-Payload-Signature` header value (a base64-encoded string), passed as `payloadSignature` in the code above.
- `publicKey` is the public RSA key generated for a WebHook, available from the organization panel (coming soon).

We strongly recommend storing the generated public key on the server side (e.g. in environment variables).
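The heading and introduction describe a Node.js check with the native crypto module, while the listing above is C#. The following TypeScript version of the same verification is an added example, not the vendor's own code. It assumes, as the C# listing does, an RSA PKCS#1 v1.5 signature with SHA-512 over the UTF-8 bytes of the raw body. The names `verifyPayloadSignature` and `demo`, the sample payload and the throwaway key pair are constructed for illustration.

```typescript
import { createSign, createVerify, generateKeyPairSync } from "node:crypto";

// Verify the X-Payload-Signature header (base64) against the raw request body.
// Pass the body exactly as received: verifying a parsed and re-serialized
// JSON object changes the bytes and makes a genuine signature fail.
function verifyPayloadSignature(
  rawBody: Buffer | string,
  signatureHeader: string | undefined,
  publicKeyPem: string,
): boolean {
  if (!signatureHeader) return false; // missing header: reject
  try {
    const verifier = createVerify("RSA-SHA512"); // RSA uses PKCS#1 v1.5 padding by default
    verifier.update(rawBody); // strings are hashed as UTF-8
    return verifier.verify(publicKeyPem, signatureHeader, "base64");
  } catch {
    return false; // unparsable key or signature: fail closed
  }
}

// Constructed sample data: a locally generated key pair stands in for the
// WebHook key, and the signature is produced here so the check runs offline.
// In a real handler the PEM would come from server-side configuration.
function demo(): { valid: boolean; reserialized: boolean; tampered: boolean; missing: boolean } {
  const { publicKey, privateKey } = generateKeyPairSync("rsa", {
    modulusLength: 2048,
    publicKeyEncoding: { type: "spki", format: "pem" },
    privateKeyEncoding: { type: "pkcs8", format: "pem" },
  });
  const rawBody = '{"event": "order.created", "id": 42}';
  const header = createSign("RSA-SHA512").update(rawBody).sign(privateKey, "base64");
  return {
    valid: verifyPayloadSignature(rawBody, header, publicKey),
    // Same JSON value, different bytes (whitespace removed): must not verify.
    reserialized: verifyPayloadSignature(JSON.stringify(JSON.parse(rawBody)), header, publicKey),
    tampered: verifyPayloadSignature(rawBody.replace("42", "43"), header, publicKey),
    missing: verifyPayloadSignature(rawBody, undefined, publicKey),
  };
}
```

In an HTTP framework, capture the body as a `Buffer` before any JSON middleware parses it, and parse only after verification succeeds.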