Create a webhook handling system that receives, validates, and processes webhook events from external services securely.

Project Checklist

• Create endpoint to receive webhook POST requests
• Implement webhook signature verification
• Parse and validate webhook payload
• Store webhook events in database
• Implement idempotency to prevent duplicate processing
• Add retry logic for failed webhook processing

Bonus Project Checklist Items

• Create webhook event filtering and routing
• Add webhook replay functionality
• Implement webhook event queuing
• Create webhook monitoring and alerting
• Add webhook testing/debugging tools
• Support multiple webhook providers (Stripe, GitHub, etc.)

Inspiration (Any companies/libraries similar)

• Stripe Webhooks
• GitHub Webhooks
• Zapier

Hint/Code snippet to start

const crypto = require('crypto');

function verifyWebhookSignature(payload, signature, secret) {
  const hmac = crypto.createHmac('sha256', secret);
  const digest = hmac.update(payload).digest('hex');
  return crypto.timingSafeEqual(Buffer.from(signature), Buffer.from(digest));
}

app.post('/webhook', express.raw({ type: 'application/json' }), (req, res) => {
  const signature = req.headers['x-webhook-signature'];
  const isValid = verifyWebhookSignature(req.body, signature, process.env.WEBHOOK_SECRET);

  if (!isValid) {
    return res.status(401).json({ error: 'Invalid signature' });
  }

  const event = JSON.parse(req.body);
  processWebhookEvent(event);
  res.status(200).json({ received: true });
});