How to handle a webhook with a secret set on the webhook page?

I created a webhook with a secret code on this page:

https://my-domain.atlassian.net/plugins/servlet/webhooks

I want to add a secret code check in my web application. The function is like:

function handleWebhook(req, res) {
  // Retrieve the secret code from the request headers
  const receivedSecret = req.headers['x-hub-signature'];

  // Verify the secret code
  if (receivedSecret === process.env.JIRA_WEBHOOK_SECRET) {
    // Secret code is valid, proceed with handling the webhook payload
    console.log('Received webhook payload:', req.body);

    // Respond with a 200 OK status to acknowledge receipt of the webhook
    res.sendStatus(200);
  } else {
    // Secret code doesn't match, reject the request
    console.error('Invalid secret code');
    res.sendStatus(403); // Forbidden
  }
}

I want to get the response header from Atlassian and find one named x-hub-signature. However, I can’t use it to compare against the webhook secret I created and saved in my environment, since it (x-hub-signature) changes every time an event happens.

Then how do I do the security check for the incoming response with Atlassian webhooks?

Hi!

There’s a guide here on how to verify webhooks: https://developer.atlassian.com/cloud/jira/platform/webhooks/#secure-admin-webhooks
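
One way to implement the check that guide describes, as an added example (not code from the posts above or from Atlassian). It assumes the X-Hub-Signature header has the form `method=signature`, where the signature is a hex HMAC of the raw request body keyed with the webhook secret, which is why the value changes with every event. `verifyHubSignature`, `req.rawBody` and the sample values are hypothetical names and constructed data.

```javascript
const crypto = require('node:crypto');

// Hash methods accepted in the "method" part of the header (assumed allow-list).
const ALLOWED = new Set(['sha256', 'sha512']);

/**
 * rawBody: Buffer holding the exact bytes received (not re-serialized JSON).
 * header:  value of X-Hub-Signature, assumed to be "method=hexdigest".
 * secret:  the secret configured on the webhook.
 */
function verifyHubSignature(rawBody, header, secret) {
  if (typeof header !== 'string' || !secret) return false;
  const sep = header.indexOf('=');
  if (sep < 1) return false;
  const method = header.slice(0, sep).toLowerCase();
  const received = header.slice(sep + 1).trim();
  if (!ALLOWED.has(method) || !/^[0-9a-fA-F]+$/.test(received)) return false;

  // Recompute the HMAC over the body and compare it with the received one.
  const expected = crypto.createHmac(method, secret).update(rawBody).digest();
  const got = Buffer.from(received, 'hex');
  // timingSafeEqual throws on a length mismatch, so check the length first.
  return got.length === expected.length && crypto.timingSafeEqual(got, expected);
}

// req.rawBody is a hypothetical property: the body parser must be set up to
// keep the unparsed bytes, because the HMAC covers them and not req.body.
function handleWebhook(req, res) {
  const ok = verifyHubSignature(
    req.rawBody, req.headers['x-hub-signature'], process.env.JIRA_WEBHOOK_SECRET);
  if (!ok) return res.sendStatus(403); // missing, malformed or wrong signature
  res.sendStatus(200);
}

// Constructed sample: sign a made-up payload the way the sender would.
const SAMPLE_SECRET = 'constructed-test-secret';
const SAMPLE_BODY = Buffer.from('{"webhookEvent":"jira:issue_updated"}');
const SAMPLE_HEADER = 'sha256=' +
  crypto.createHmac('sha256', SAMPLE_SECRET).update(SAMPLE_BODY).digest('hex');
```

The secret itself never appears in the request; only a party that knows it can produce a signature matching a given body.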