creating-webhook-handlers
Create webhook endpoints with signature verification, retry logic, and payload validation. Use when receiving and processing webhook events. Trigger with phrases like "create webhook", "handle webhook events", or "setup webhook handler".
Install
mkdir -p .claude/skills/creating-webhook-handlers && curl -L -o skill.zip "https://mcp.directory/api/skills/download/8429" && unzip -o skill.zip -d .claude/skills/creating-webhook-handlers && rm skill.zipInstalls to .claude/skills/creating-webhook-handlers
About this skill
Creating Webhook Handlers
Overview
Create secure webhook receiver endpoints with HMAC signature verification, idempotent event processing, and automatic retry handling. Support ingestion from providers like Stripe, GitHub, Twilio, and Slack with provider-specific signature validation schemes and payload parsing.
Prerequisites
- Web framework with raw body access (Express with
express.raw(), FastAPI withRequest.body()) - Webhook provider credentials: signing secret or shared secret key
- Persistent storage for idempotency tracking (Redis or database table for processed event IDs)
- Queue system for async processing (optional: Bull, Celery, SQS)
- ngrok or similar tunnel for local development testing
Instructions
- Examine existing route definitions and middleware using Grep and Read to identify where webhook endpoints integrate into the application.
- Create a dedicated webhook route (e.g.,
POST /webhooks/:provider) that captures the raw request body before any JSON parsing middleware runs. - Implement HMAC-SHA256 signature verification by computing
HMAC(raw_body, signing_secret)and comparing against the provider's signature header (X-Hub-Signature-256,Stripe-Signature,X-Twilio-Signature). - Add idempotency protection by storing processed event IDs (e.g.,
evt_xxx) in Redis or a database table, rejecting duplicates with 200 OK to prevent provider retries. - Parse the event type from the payload (
event.type,action,EventType) and route to the appropriate handler function using a dispatch map. - Respond with 200 OK immediately, then enqueue the event payload for asynchronous processing to avoid webhook timeout failures.
- Implement dead-letter handling for events that fail processing after maximum retry attempts, logging the full payload for manual inspection.
- Write tests that replay recorded webhook payloads with valid and tampered signatures to verify acceptance and rejection behavior.
See ${CLAUDE_SKILL_DIR}/references/implementation.md for the full implementation guide.
Output
${CLAUDE_SKILL_DIR}/src/webhooks/receiver.js- Webhook endpoint with signature verification${CLAUDE_SKILL_DIR}/src/webhooks/handlers/- Per-event-type handler functions${CLAUDE_SKILL_DIR}/src/webhooks/verify.js- HMAC signature verification utilities${CLAUDE_SKILL_DIR}/src/webhooks/idempotency.js- Duplicate event detection logic${CLAUDE_SKILL_DIR}/src/queues/webhook-processor.js- Async event processing queue worker${CLAUDE_SKILL_DIR}/tests/webhooks/- Replay tests with recorded payloads
Error Handling
| Error | Cause | Solution |
|---|---|---|
| 401 Signature Mismatch | HMAC verification failed against provider signature | Log the expected vs. received signature (redacted); verify signing secret rotation status |
| 400 Malformed Payload | Raw body is not valid JSON or missing required fields | Return 400 so provider marks delivery as failed; log raw body for debugging |
| 200 OK (duplicate) | Event ID already processed; idempotency guard triggered | Return 200 to prevent provider retry loops; log duplicate detection for monitoring |
| 504 Gateway Timeout | Synchronous processing exceeded provider timeout (typically 5-30s) | Move processing to async queue; respond 200 immediately upon signature verification |
| 500 Handler Exception | Business logic threw unhandled error during processing | Catch at dispatch layer; log full error with event payload; allow provider to retry |
Refer to ${CLAUDE_SKILL_DIR}/references/errors.md for comprehensive error patterns.
Examples
Stripe payment webhook: Verify Stripe-Signature header using stripe.webhooks.constructEvent(), then dispatch payment_intent.succeeded to fulfill orders and charge.refunded to process refund credits.
GitHub push webhook: Validate X-Hub-Signature-256, parse push events, extract commit list, and trigger CI/CD pipeline via queue message.
Multi-provider router: Single /webhooks/:provider endpoint that loads provider-specific signature verifier and event schema from a registry, supporting Stripe, GitHub, Twilio, and custom providers.
See ${CLAUDE_SKILL_DIR}/references/examples.md for additional examples.
Resources
- Stripe Webhook Signatures: https://stripe.com/docs/webhooks/signatures
- GitHub Webhook Events: https://docs.github.com/en/webhooks
- RFC 2104 HMAC specification for signature computation
- OWASP Webhook Security best practices
More by jeremylongshore
View all skills by jeremylongshore →You might also like
flutter-development
aj-geddes
Build beautiful cross-platform mobile apps with Flutter and Dart. Covers widgets, state management with Provider/BLoC, navigation, API integration, and material design.
drawio-diagrams-enhanced
jgtolentino
Create professional draw.io (diagrams.net) diagrams in XML format (.drawio files) with integrated PMP/PMBOK methodologies, extensive visual asset libraries, and industry-standard professional templates. Use this skill when users ask to create flowcharts, swimlane diagrams, cross-functional flowcharts, org charts, network diagrams, UML diagrams, BPMN, project management diagrams (WBS, Gantt, PERT, RACI), risk matrices, stakeholder maps, or any other visual diagram in draw.io format. This skill includes access to custom shape libraries for icons, clipart, and professional symbols.
ui-ux-pro-max
nextlevelbuilder
"UI/UX design intelligence. 50 styles, 21 palettes, 50 font pairings, 20 charts, 8 stacks (React, Next.js, Vue, Svelte, SwiftUI, React Native, Flutter, Tailwind). Actions: plan, build, create, design, implement, review, fix, improve, optimize, enhance, refactor, check UI/UX code. Projects: website, landing page, dashboard, admin panel, e-commerce, SaaS, portfolio, blog, mobile app, .html, .tsx, .vue, .svelte. Elements: button, modal, navbar, sidebar, card, table, form, chart. Styles: glassmorphism, claymorphism, minimalism, brutalism, neumorphism, bento grid, dark mode, responsive, skeuomorphism, flat design. Topics: color palette, accessibility, animation, layout, typography, font pairing, spacing, hover, shadow, gradient."
godot
bfollington
This skill should be used when working on Godot Engine projects. It provides specialized knowledge of Godot's file formats (.gd, .tscn, .tres), architecture patterns (component-based, signal-driven, resource-based), common pitfalls, validation tools, code templates, and CLI workflows. The `godot` command is available for running the game, validating scripts, importing resources, and exporting builds. Use this skill for tasks involving Godot game development, debugging scene/resource files, implementing game systems, or creating new Godot components.
nano-banana-pro
garg-aayush
Generate and edit images using Google's Nano Banana Pro (Gemini 3 Pro Image) API. Use when the user asks to generate, create, edit, modify, change, alter, or update images. Also use when user references an existing image file and asks to modify it in any way (e.g., "modify this image", "change the background", "replace X with Y"). Supports both text-to-image generation and image-to-image editing with configurable resolution (1K default, 2K, or 4K for high resolution). DO NOT read the image file first - use this skill directly with the --input-image parameter.
pdf-to-markdown
aliceisjustplaying
Convert entire PDF documents to clean, structured Markdown for full context loading. Use this skill when the user wants to extract ALL text from a PDF into context (not grep/search), when discussing or analyzing PDF content in full, when the user mentions "load the whole PDF", "bring the PDF into context", "read the entire PDF", or when partial extraction/grepping would miss important context. This is the preferred method for PDF text extraction over page-by-page or grep approaches.
Related MCP Servers
Browse all servers
WebhooksWebhooks enable automated notifications and workflow automation software integration by sending customizable messages to
Telnyx MCP ServerTelnyx MCP Server: manage phone numbers, calls, SMS and AI assistants with Telnyx API. Real-time webhooks, voice & messa
DingTalkIntegrate notifications into your workflow with DingTalk. Send messages, updates, and team alerts via secure webhook con
MCP Bitnovo PayEnable AI agents to create and manage cryptocurrency payments via Bitnovo Pay API, generate QR codes, check payment stat
Createve.AI NexusCreateve.AI Nexus unifies REST API and MCP, integrating APIs for AI workflow automation with tools like Calendly API and
BlenderConnect Blender to Claude AI for seamless 3D modeling. Use AI 3D model generator tools for faster, intuitive, interactiv
Stay ahead of the MCP ecosystem
Get weekly updates on new skills and servers.