Sign up (with export icon)

Webhooks server in Node.js

Show the table of contents

This article presents a simple webhooks server example.

Dependencies

Copy link

Both examples use the Express library to create the HTTP endpoint.
Also, for local development purposes, a tunneling service is required. This example uses ngrok.

npm install express jsonwebtoken
Copy code

You can download ngrok here: https://ngrok.com/download.

Examples

Copy link

Below are two examples of a webhooks server built on Express.

Example without checking the request signature

Copy link

This is a very simple example, with the server logging the body from the request to the console. The body contains the complete webhook information sent from CKEditor Cloud Services.

const express = require( 'express' );
const app = express();
app.use( express.json() );

app.post( '/', ( req, res ) => {
    console.log( 'received webhook', req.body );
    res.sendStatus( 200 );
} );

app.listen( 9000, () => console.log( 'Node.js server started on port 9000.' ) );
Copy code

Example with checking the request signature

Copy link

This example is more complex because while the server logs the webhook information to the console, it also checks if the request was sent from the CKEditor Cloud Services servers and was signed with the correct API secret.

Several variables are needed to generate and check the signature. The API secret is available in the Customer Portal for SaaS or in the Management Panel for On-Premises, the rest of the parameters are in the request:

  • method: req.method
  • url: req.url
  • timestamp: req.headers[ 'x-cs-timestamp' ]
  • body: req.rawBody

Please note that the rawBody field was added by the following configuration:

app.use( express.json( { verify: ( req, res, buffer ) => { req.rawBody = buffer; } } ) );
Copy code

This field is not available by default in Express. The body field available in Express contains the already processed data that cannot be used to generate the signature.

const crypto = require( 'crypto' );

const express = require( 'express' );
const app = express();

const API_SECRET = 'secret';

app.use( express.json( { verify: ( req, res, buffer ) => { req.rawBody = buffer; } } ) );

app.post( '/', ( req, res ) => {
    const signature = _generateSignature( req.method, req.url, req.headers[ 'x-cs-timestamp' ], req.rawBody );

    if ( signature !== req.headers[ 'x-cs-signature' ] ) {
        return res.sendStatus( 401 );
    }

    console.log( 'received webhook', req.body );
    res.sendStatus( 200 );
} );

app.listen( 9000, () => console.log( 'Node.js server started on port 9000.' ) );

function _generateSignature( method, url, timestamp, body ) {
    const hmac = crypto.createHmac( 'SHA256', API_SECRET );

    hmac.update( `${ method.toUpperCase() }${ url }${ timestamp }` );

    if ( body ) {
        hmac.update( body );
    }

    return hmac.digest( 'hex' );
}
Copy code

Usage

Copy link

Start the server with:

node index.js
Copy code

If the server is running on port 9000, run ngrok with:

./ngrok http 9000
Copy code

After this, you should see a *.ngrok.io URL. Copy the *.ngrok.io URL and paste it in the webhook configuration. You should be able to receive webhooks now.

Was this page helpful?

Every day, we work hard to keep our documentation complete. Have you spotted outdated information? Is something missing? Please report it via our contact form.

GitHubContact Us

© 2003 - 2025  CKSource. All rights reserved.