If you enable a secret key to generate an HMAC digest, a special header is sent with all of your webhook payloads. This header is X-Nexus-Webhook-Signature and ensures that you receive an authentic message.
Webhooks can be consumed easily in node.js. Use the following setup to get started, substituting foo for the secret key you configured with your webhook:
Setup in terminal.
npm init npm install express npm install body-parser echo {\"secretKey\":\"foo\"} > settings.json
When verifying the HMAC digest, the HmacDigest value should match the signature value. |
Example Webhook Consumer.
const express = require(‘express’); const app = express(); const bodyParser = require(‘body-parser’); const settings = require(‘./settings.json’); const crypto = require(‘crypto’); app.use(bodyParser.json()); app.post('/', function(req, res) { const body = req.body; const signature = req.headers['x-nexus-webhook-signature']; var hmacDigest = crypto.createHmac("sha1", settings.secretKey).update(JSON.stringify(body)).digest("hex"); console.log('Webhook received'); console.log('Headers: ' + JSON.stringify(req.headers)); console.log('Body: ' + JSON.stringify(req.body)); console.log('HmacDigest: ' + hmacDigest); console.log('Signature: ' + signature); res.send(); }); app.listen(3000, function() { console.log('Server running on port 3000.'); });
Terms of Service Privacy Policy
Copyright ©
2008-present, Sonatype Inc. All rights reserved. Includes the
third-party code listed here. Sonatype and Sonatype Nexus are trademarks
of Sonatype, Inc. Apache Maven and Maven are trademarks of the Apache
Software Foundation. M2Eclipse is a trademark of the Eclipse Foundation.
All other trademarks are the property of their respective owners.
Sonatype Headquarters - 8161
Maple Lawn Blvd #250, Fulton, MD 20759
Tysons Office - 8251 Greensboro Drive #610, McLean, VA
22102
Australia Office - 5 Martin Place, Level 14, Sydney 2000, NSW, Australia