The body, signature header, and signing secret. See VerifyWebhookOptions.
Verification result with optional parsed payload and failure reason.
import { verifyWebhookSignature, B2_WEBHOOK_SIGNATURE_HEADER } from '@backblaze-labs/b2-sdk/notifications'
app.post('/webhook', async (req, res) => {
const raw = await readRawBody(req) // raw bytes, NOT json
const result = await verifyWebhookSignature({
body: raw,
signature: req.headers[B2_WEBHOOK_SIGNATURE_HEADER],
secret: process.env.B2_WEBHOOK_SECRET,
})
if (!result.valid) return res.status(401).send(result.reason)
for (const event of result.payload.events) handleEvent(event)
res.status(204).end()
})
Verify the HMAC-SHA256 signature B2 attaches to event-notification webhooks and parse the body on success.
Never throws: returns a discriminated VerifyWebhookResult. Use this when you want a single, explicit place to branch on
validand log thereasonon rejection.