Issue Title: Unable to Verify Ghost Event Using Webhook

vikaspotluri123 · October 10, 2023, 5:57am

You can set a webhook secret. Here’s how the secret is generated (tldr: hmac of the request payload signed with the shared secret):

github.com

TryGhost/Ghost/blob/dcb9bfa7fc4a810478219ba8a436801eba7b4b3d/ghost/core/core/server/services/webhooks/WebhookTrigger.js#L98


      
          const url = webhook.get('target_url');
          const secret = webhook.get('secret') || '';
          
          const headers = {
              'Content-Length': Buffer.byteLength(reqPayload),
              'Content-Type': 'application/json',
              'Content-Version': `v${ghostVersion.safe}`
          };
          
          if (secret !== '') {
              headers['X-Ghost-Signature'] = `sha256=${crypto.createHmac('sha256', secret).update(reqPayload).digest('hex')}, t=${Date.now()}`;
          }
          
          const opts = {
              body: reqPayload,
              headers,
              timeout: {
                  request: 2 * 1000
              },
              retry: {
                  limit: process.env.NODE_ENV?.startsWith('test') ? 0 : 5

Topic		Replies	Views
Documentation for Webhooks might be a bit outdated Developer help	1	476	February 3, 2023
Error with webhook triggers on Self-hosted Ghost Integrations & API	8	867	July 17, 2024
Webhook signature mismatch - secret and body checked Bugs	2	39	November 28, 2024
Does Ghost backend have any log related to webhooks Developer help	5	490	June 17, 2020
What Payloads do the Webhook events provide? Integrations & API	3	739	March 8, 2023

Issue Title: Unable to Verify Ghost Event Using Webhook

Related topics