Teachable Expert Logo
Teachable Expert Verified Partner
Hire Me
POST /hooks

Verifying Webhook Signatures

How to validate Teachable HMAC signatures in Node.js to secure your endpoints.

Catching Webhooks Safely

When Teachable sends a webhook, you need to ensure it actually came from Teachable. Here is how you validate the HMAC signature in your backend:

const crypto = require('crypto');

function verifyTeachableWebhook(req, secret) {
  const signature = req.headers['teachable-signature'];
  const hash = crypto
    .createHmac('sha256', secret)
    .update(JSON.stringify(req.body))
    .digest('hex');
    
  return signature === hash;
}
← Back to all guides