Skip to main content

validateWebhookSignature()

Available from v3.2.30

Validates that the signature that was received by a webhook endpoint is authentic. If the validation fails, an error is thrown.

API

The function accepts an object with three key-value pairs:

secret

The same webhook secret that was passed to renderMediaOnLambda()'s webhook options.

body

The body that was received by the endpoint.

signatureHeader

The X-Remotion-Signature header from the request that was received by the endpoint.

Example

In the following Next.JS webhook endpoint, an error gets thrown if the signature does not match the one expected one or is missing..

pages/api/webhook.ts
tsx
import {
validateWebhookSignature,
WebhookPayload,
} from "@remotion/lambda/client";
 
export default async function handler(
req: NextApiRequest,
res: NextApiResponse
) {
validateWebhookSignature({
secret: process.env.WEBHOOK_SECRET as string,
body: req.body,
signatureHeader: req.headers["x-remotion-signature"] as string,
});
 
// If code reaches this path, the webhook is authentic.
const payload = JSON.parse(req.body) as WebhookPayload;
if (payload.type === "success") {
// ...
} else if (payload.type === "timeout") {
// ...
}
 
res.status(200).json({
success: true,
});
}
pages/api/webhook.ts
tsx
import {
validateWebhookSignature,
WebhookPayload,
} from "@remotion/lambda/client";
 
export default async function handler(
req: NextApiRequest,
res: NextApiResponse
) {
validateWebhookSignature({
secret: process.env.WEBHOOK_SECRET as string,
body: req.body,
signatureHeader: req.headers["x-remotion-signature"] as string,
});
 
// If code reaches this path, the webhook is authentic.
const payload = JSON.parse(req.body) as WebhookPayload;
if (payload.type === "success") {
// ...
} else if (payload.type === "timeout") {
// ...
}
 
res.status(200).json({
success: true,
});
}

See Webhooks for an Express example.

See also