Quickstart Guide

Node.js (Express)

npm i @hookcheck/node

Middleware-ready. Works with Express, Fastify, and Hono out of the box. Average setup time: 45 seconds.

Python (FastAPI/Django)

pip install hookcheck-python

Async-compatible decorator and middleware. Integrates with Pydantic models for automatic payload validation.

PHP (Laravel/Symfony)

composer require hookcheck/laravel

Service provider included. Auto-registers routes and handles HMAC-SHA256 verification with Laravel's event system.

Ruby on Rails

gem install hookcheck-rails

Mountable engine or controller mixin. Logs to webhook_events table and supports ActiveJob retry policies.

Node.js / Express

const { verify, log } = require('@hookcheck/node');

app.post('/webhooks/stripe', async (req, res) => {
  const isValid = await verify(req.headers, req.body, process.env.HC_SECRET);
  if (!isValid) return res.status(401).send('Invalid signature');

  await log('stripe.payment.succeeded', req.body);
  res.json({ received: true });
});

Python / FastAPI

from fastapi import FastAPI, Request
import hookcheck

app = FastAPI()

@app.post("/hooks/github")
async def handle_github(request: Request):
    payload = await request.json()
    hookcheck.verify(request, payload, "YOUR_SECRET_KEY")
    hookcheck.log("github.push", payload)
    return {"status": "ok"}

PHP / Laravel

use HookCheck\Laravel\Facades\HookCheck;

Route::post('/webhooks/paddle', function (Request $request) {
    if (!HookCheck::verify($request)) {
        abort(401, 'Signature mismatch');
    }

    HookCheck::log('paddle.subscription.updated', $request->all());
    return response()->json(['success' => true]);
});

PHP / Native

$secret = 'YOUR_SECRET_KEY';
$payload = file_get_contents('php://input');
$signature = $_SERVER['HTTP_X_HOOKCHECK_SIG'];

$expected = hash_hmac('sha256', $payload, $secret);
if (!hash_equals($expected, $signature)) {
    http_response_code(401);
    exit('Invalid signature');
}

file_put_contents('webhook.log', json_encode(json_decode($payload)));