Hookdeck Event Gateway Webhooks

When webhooks flow through the Hookdeck Event Gateway, Hookdeck queues and delivers them to your app. Each forwarded request is signed with an x-hookdeck-signature header (HMAC SHA-256, base64). Your handler verifies this signature to confirm the request came from Hookdeck.

When to Use This Skill

• Receiving webhooks through the Hookdeck Event Gateway (not directly from providers)
• Verifying the x-hookdeck-signature header on forwarded webhooks
• Using Hookdeck headers (event ID, source ID, attempt number) for idempotency and debugging
• Debugging Hookdeck signature verification failures

Essential Code (USE THIS)

Hookdeck Signature Verification (JavaScript/Node.js)

const crypto = require('crypto');