These are the requirements and steps for decrypting a Webhook.

When you create the new Webhook in the response you get two attributes;

{
  "id": "66733d33222710ab2785dc62",
  "secret": "IgAeeIIorKQ86gAGItsmY0slzhxRY1Gvj/VIJz8DtIs="
}

Secret is used to decrypt the webhook payload.

Standard decryption for aes-256-cbc using the data, the iv, and the secret returned during the webhook registration.

1

Extract Initialization Vector (IV)

  • [Recommendation] Check if the key length is 32 bytes, which is the required size for the AES-256 encryption algorithm.
TypeScript Example
  const key = Buffer.from(WEBHOOK_SHARED_SECRET_ENCRYPTION_KEY, "base64");
  if (key.length !== 32) {
    throw new Error("Encryption key must be 256 bits (32 bytes)");
  }
  • Extracts the first 32 characters of the encrypted value, which correspond to the initialisation vector (IV) in hexadecimal format. The IV is a random value used to make each encryption unique, even with the same key.
TypeScript Example
const ivHex = encryptedValue.slice(0, 32);
  • Converts the hexadecimal IV to a byte buffer.
TypeScript Example
  const iv = Buffer.from(ivHex, "hex");
2

Extract Encrypted Data

  • Extracts the remaining part of the encrypted value, which contains the actual encrypted data.
TypeScript Example
  const encryptedData = encryptedValue.slice(32);
3

Decryption

  • Creates a decryptor object using the AES-256 algorithm in CBC (Cipher Block Chaining) mode, the key and the IV.
TypeScript Example
 const decipher = crypto.createDecipheriv("aes-256-cbc", key, iv);
  • Start decrypting the data and store the result.
TypeScript Example
  let decrypted = decipher.update(encryptedData, "hex", "utf8");
  decrypted += decipher.final("utf8");
Create webhook