RazorpayEx.Webhook (razorpay_ex v0.1.3)

Copy Markdown View Source

Webhook verification for Razorpay.

This module provides utilities for verifying webhook signatures to ensure that webhooks are genuinely from Razorpay.

Usage

# Verify webhook signature
signature = get_req_header("x-razorpay-signature")
body = get_req_body()

if Razorpay.Webhook.verify(body, signature, "your_webhook_secret") do
  # Process webhook
  process_webhook(body)
else
  # Invalid signature
  {:error, :invalid_signature}
end

Note

Always verify webhook signatures in production to prevent unauthorized requests.

Summary

Functions

extract_signature(headers)

Extracts webhook signature from headers.

generate_signature(payload, secret)

Generates a webhook signature for a payload.

verify(payload, signature, secret)

Verifies a webhook signature.

Functions

extract_signature(headers)

@spec extract_signature(map() | keyword()) :: String.t() | nil

Extracts webhook signature from headers.

Parameters

  • headers: Map or keyword list of headers

Returns

  • Signature string or nil if not found

Examples

signature = Razorpay.Webhook.extract_signature(%{"x-razorpay-signature" => "sig_123"})

generate_signature(payload, secret)

@spec generate_signature(String.t(), String.t()) :: String.t()

Generates a webhook signature for a payload.

Parameters

  • payload: Raw webhook payload body
  • secret: Webhook secret

Returns

  • Hexadecimal signature string

Examples

signature = Razorpay.Webhook.generate_signature(payload, "secret")

verify(payload, signature, secret)

@spec verify(String.t(), String.t(), String.t()) :: boolean()

Verifies a webhook signature.

Parameters

  • payload: Raw webhook payload body
  • signature: The x-razorpay-signature header value
  • secret: Your webhook secret from Razorpay dashboard

Returns

  • true if signature is valid
  • false if signature is invalid

Examples

# Verify signature
RazorpayEx.Webhook.verify(payload, signature, "webhook_secret_123")