Command

nylas webhook verify

Verify a webhook signature locally.

Written by Qasim Muhammad Staff SRE

What does nylas webhook verify do?

The nylas webhook verify command validates a webhook payload against a signature and secret. Use --payload-file for a saved raw body, --payload for inline JSON, --signature for the received signature header, and --secret for the webhook signing secret.

Usage

nylas webhook verify --payload-file PAYLOAD.json --signature SIG --secret SECRET

Flags

FlagDescription
--jsonOutput as JSON
--no-colorDisable color output
--verbose(-v)Enable verbose output
--configCustom config file path
--help(-h)Show help for the command
--limitLimit results (most list commands)
--yes(-y)Skip confirmations
--payloadInline webhook payload JSON
--payload-filePath to a file containing the raw webhook payload
--signatureWebhook signature header value
--secretWebhook signing secret

Examples

Verify a saved payload

nylas webhook verify \
  --payload-file message.created.json \
  --signature "$NYLAS_SIGNATURE" \
  --secret "$NYLAS_WEBHOOK_SECRET"

Verify inline JSON

nylas webhook verify \
  --payload '{"type":"message.created"}' \
  --signature "$NYLAS_SIGNATURE" \
  --secret "$NYLAS_WEBHOOK_SECRET"

Example output

✓ Signature valid
  The payload matches the x-nylas-signature header value.

Troubleshooting

Signature mismatch

Verify against the exact raw request body. Middleware that parses and reserializes JSON can change bytes and invalidate the signature.

Recommended guides

Run nylas webhook verify --help for full help output.