I'm not entirely sure. Someone may need to check this, I used Ai for help. But it might get you started.
..in Wappler (Node.js + Docker)
- Create a new Server API action
Let’s call it: webhook_verify
You’ll find this under Server Connect > API > Add API Action
2. Edit the routing manually
Wappler by default uses express.json() which parses and loses the raw body. To get around this:
In your Wappler project folder:
Open:
/dmxConnect/api/webhook_verify.js
Then override the default body parser for that route:
const express = require('express');
const router = express.Router();
const crypto = require('crypto');
// Use raw body parser for this specific route
router.use(express.raw({ type: '*/*' }));
router.post('/', (req, res) => {
const secret = 'YOUR_SECRET_KEY';
const rawBody = req.body; // Buffer
const signatureHeader = req.headers['x-signature'] || '';
// Generate HMAC
const generatedSig = crypto
.createHmac('sha256', secret)
.update(rawBody)
.digest('hex');
// Compare
if (signatureHeader === generatedSig) {
res.status(200).send('Verified');
} else {
res.status(400).send('Invalid signature');
}
});
module.exports = router;
This will:
Skip Wappler’s default body-parser middleware
Use express.raw() so you get the raw webhook body
Let you verify signatures securely
Important Notes
Don't put Server Connect steps inside this file—it’s acting as a custom Express route.
You can’t use Wappler’s UI for steps in this case because the data needs to remain unparsed.
But you can call Server Connect APIs from inside this handler after verifying the webhook, if needed.
Optional: Test Locally
You can test with curl or a Postman webhook simulation like:
curl -X POST http://localhost:3000/api/webhook_verify \
-H "x-signature: your_expected_signature" \
-H "Content-Type: application/json" \
--data-binary @payload.json