This is a simple Express.js application for testing webhooks with OpenPay. It includes webhook signature verification to ensure the authenticity of incoming webhook requests.
- Node.js installed on your system
- ngrok installed (for local development)
- An OpenPay account with webhook configuration
- Install dependencies:
pnpm install-
Configure your webhook secret:
- Open
app.ts - Replace the empty string in
WH_SECRET_KEYwith your webhook secret from the OpenPay dashboard
- Open
-
Start the application:
pnpm build
pnpm start- Install ngrok if you haven't already:
npm install -g ngrok- Start ngrok to create a public URL for your local server:
ngrok http 8080-
Copy the HTTPS URL provided by ngrok (it will look like
https://xxxx-xx-xx-xxx-xx.ngrok.io) -
Configure your webhook in the OpenPay dashboard:
- Go to your OpenPay dashboard
- Navigate to the webhook settings
- Set the webhook URL to your ngrok URL +
/webhook(e.g.,https://xxxx-xx-xx-xxx-xx.ngrok.io/webhook)
- The application will listen for POST requests at
/webhook - Incoming webhooks will be automatically verified using the signature-digest header
- Valid webhooks will be logged to the console
- The application will respond with a 200 status code for successful webhook processing
- The application uses the
@getopenpay/clientpackage to verify webhook signatures - Make sure to keep your webhook secret key secure and never commit it to version control
- The application will reject webhooks with invalid signatures
- If you receive "Invalid webhook signature" errors, verify that:
- Your webhook secret key is correctly set in the application
- The signature-digest header is being sent with the webhook request
- The request body matches exactly what was sent by OpenPay