A simple function to quickly see if the webhook is from QuickBooks.
QuickBooks can send webhooks to your application. These webhooks include a header that you should verify to avoid allowing anyone to trigger your code.
Verifying that these webhooks are coming from QuickBooks can be an annoying task. This function tackles it all for you.
import verifyWebhookSignature from 'verify-quickbooks-webhooks';
// or
const verifyWebhookSignature = require('verify-quickbooks-webhooks');
const isValidRequest = verifyWebhookSignature(
verificationTokenFromQuickBooksDashboard, // store this as an env variable or something. You get it from the QB dashboard
incomingQuickBooksSignatureFromHeaders, // request.headers['intuit-signature'];
payload // the request.body string
);
if (!isValidRequest) {
throw new Error('Sorry, this does not look to be a valid action');
}// typescript example including webhook type def
import verifyWebhookSignature, {
QuickBooksEventNotificationsType,
} from 'verify-quickbooks-webhooks';
const isValidRequest = verifyWebhookSignature(
verificationTokenFromQuickBooksDashboard, // store this as an env variable or something. You get it from the QB dashboard
incomingQuickBooksSignatureFromHeaders, // request.headers['intuit-signature'];
payload // the request.body string
);
if (!isValidRequest) {
throw new Error('Sorry, this does not look to be a valid action');
}
const body = JSON.parse(event.body);
const eventNotifications: QuickBooksEventNotificationsType =
body.eventNotifications;