Issue Title: Unable to Verify Ghost Event Using Webhook

vikaspotluri123 · October 10, 2023, 5:57am

You can set a webhook secret. Here’s how the secret is generated (tldr: hmac of the request payload signed with the shared secret):

github.com

TryGhost/Ghost/blob/dcb9bfa7fc4a810478219ba8a436801eba7b4b3d/ghost/core/core/server/services/webhooks/WebhookTrigger.js#L98


      
          const url = webhook.get('target_url');
          const secret = webhook.get('secret') || '';
          
          const headers = {
              'Content-Length': Buffer.byteLength(reqPayload),
              'Content-Type': 'application/json',
              'Content-Version': `v${ghostVersion.safe}`
          };
          
          if (secret !== '') {
              headers['X-Ghost-Signature'] = `sha256=${crypto.createHmac('sha256', secret).update(reqPayload).digest('hex')}, t=${Date.now()}`;
          }
          
          const opts = {
              body: reqPayload,
              headers,
              timeout: {
                  request: 2 * 1000
              },
              retry: {
                  limit: process.env.NODE_ENV?.startsWith('test') ? 0 : 5

Topic		Replies	Views
Is there any way to add custom header to webhooks? Integrations & API	1	550	November 12, 2022
Error with webhook triggers on Self-hosted Ghost Integrations & API	5	690	September 14, 2022
Site.changed webhook event not working as expected Bugs	3	1760	May 5, 2023
I have problem with webhooks Developer help	3	534	March 13, 2019
Customizing webhook Developer help	0	230	March 9, 2021

Issue Title: Unable to Verify Ghost Event Using Webhook

Related Topics