GuidesPreview

Webhook Verification

Verify every webhook signature before updating merchant orders.

Why verification matters

Webhook verification helps ensure that payment status updates were sent by Yera Connect and were not modified in transit.

Raw body requirement

Always verify the exact raw request body before parsing JSON. Parsing and re-stringifying JSON can change the signed payload.

Node.js example

Verify HMAC signature
import crypto from "crypto";

export function verifyYeraWebhook({
  rawBody,
  timestamp,
  signature,
  secret,
}: {
  rawBody: string;
  timestamp: string;
  signature: string;
  secret: string;
}) {
  const signedPayload = `${timestamp}.${rawBody}`;
  const expected =
    "sha256=" +
    crypto.createHmac("sha256", secret).update(signedPayload).digest("hex");

  return crypto.timingSafeEqual(
    Buffer.from(expected),
    Buffer.from(signature),
  );
}

Duplicate events

  • Store the event ID.
  • Return success for safe duplicate delivery.
  • Do not send duplicate merchant notifications.

We use cookies

Yera Connect uses cookies to keep the website secure, remember preferences, and improve the merchant experience. By selecting Accept, you agree to our Cookie Policy.