Webhook Setup and HMAC Signature Verification in Node.js — Step by Step

Why This Tutorial Exists

Webhook verification is the most commonly skipped step in crypto payment integrations — and the most critical one. This tutorial fixes that with a production-ready implementation you can copy directly.

What You Will Build

• Express webhook endpoint with raw body capture
• HMAC-SHA256 signature verification middleware
• Replay attack prevention via txHash deduplication
• Idempotent order fulfillment logic

Chapters

1. Understanding HMAC and why it matters (0:00)
2. Setting up the Express endpoint (5:30)
3. Capturing raw request body (9:00)
4. Implementing the signature verifier (13:20)
5. Testing with Paychainly sandbox (18:45)
6. Replay attack prevention (23:00)
7. Logging and monitoring webhook events (27:30)
8. Common mistakes to avoid (31:00)