When receiving a webhook from Loop, it is best if you verify its authenticity to prevent your application from receiving false information by malicious parties.

The verifyWebhook function in the SDK achieves this by checking the signature of the payload against the expected signature.

Parameters

• body (string): The payload of the webhook request.

• signature (string): The signature of the webhook request.

Returns

• A boolean indicating whether the signature of the webhook is valid or not.

Example

const signature = request.headers["loop-signature"];
const validWebhook = loop.verifyWebhook(request.body, signature);
if (!validWebhook) {
    throw new Error("Invalid request signature");
}