Creates webhook endpoints with HMAC signature verification, idempotency checks, payload parsing, and async retry handling for Stripe, GitHub, Twilio.
From webhook-handler-creatornpx claudepluginhub nickloveinvesting/nick-love-plugins --plugin webhook-handler-creatorThis skill is limited to using the following tools:
references/errors.mdreferences/examples.mdreferences/implementation.mdDesigns and optimizes AI agent action spaces, tool definitions, observation formats, error recovery, and context for higher task completion rates.
Enables AI agents to execute x402 payments with per-task budgets, spending controls, and non-custodial wallets via MCP tools. Use when agents pay for APIs, services, or other agents.
Compares coding agents like Claude Code and Aider on custom YAML-defined codebase tasks using git worktrees, measuring pass rate, cost, time, and consistency.
Create secure webhook receiver endpoints with HMAC signature verification, idempotent event processing, and automatic retry handling. Support ingestion from providers like Stripe, GitHub, Twilio, and Slack with provider-specific signature validation schemes and payload parsing.
express.raw(), FastAPI with Request.body())POST /webhooks/:provider) that captures the raw request body before any JSON parsing middleware runs.HMAC(raw_body, signing_secret) and comparing against the provider's signature header (X-Hub-Signature-256, Stripe-Signature, X-Twilio-Signature).evt_xxx) in Redis or a database table, rejecting duplicates with 200 OK to prevent provider retries.event.type, action, EventType) and route to the appropriate handler function using a dispatch map.See ${CLAUDE_SKILL_DIR}/references/implementation.md for the full implementation guide.
${CLAUDE_SKILL_DIR}/src/webhooks/receiver.js - Webhook endpoint with signature verification${CLAUDE_SKILL_DIR}/src/webhooks/handlers/ - Per-event-type handler functions${CLAUDE_SKILL_DIR}/src/webhooks/verify.js - HMAC signature verification utilities${CLAUDE_SKILL_DIR}/src/webhooks/idempotency.js - Duplicate event detection logic${CLAUDE_SKILL_DIR}/src/queues/webhook-processor.js - Async event processing queue worker${CLAUDE_SKILL_DIR}/tests/webhooks/ - Replay tests with recorded payloads| Error | Cause | Solution |
|---|---|---|
| 401 Signature Mismatch | HMAC verification failed against provider signature | Log the expected vs. received signature (redacted); verify signing secret rotation status |
| 400 Malformed Payload | Raw body is not valid JSON or missing required fields | Return 400 so provider marks delivery as failed; log raw body for debugging |
| 200 OK (duplicate) | Event ID already processed; idempotency guard triggered | Return 200 to prevent provider retry loops; log duplicate detection for monitoring |
| 504 Gateway Timeout | Synchronous processing exceeded provider timeout (typically 5-30s) | Move processing to async queue; respond 200 immediately upon signature verification |
| 500 Handler Exception | Business logic threw unhandled error during processing | Catch at dispatch layer; log full error with event payload; allow provider to retry |
Refer to ${CLAUDE_SKILL_DIR}/references/errors.md for comprehensive error patterns.
Stripe payment webhook: Verify Stripe-Signature header using stripe.webhooks.constructEvent(), then dispatch payment_intent.succeeded to fulfill orders and charge.refunded to process refund credits.
GitHub push webhook: Validate X-Hub-Signature-256, parse push events, extract commit list, and trigger CI/CD pipeline via queue message.
Multi-provider router: Single /webhooks/:provider endpoint that loads provider-specific signature verifier and event schema from a registry, supporting Stripe, GitHub, Twilio, and custom providers.
See ${CLAUDE_SKILL_DIR}/references/examples.md for additional examples.