A TypeScript Express.js webhook server that handles webhooks from multiple sources:
- Fordefi: Processes transaction events and notifications from your Fordefi organization
- Hypernative: Receives real-time Web3 security alerts and triggers automated responses via Fordefi
- Node.js 18+
- npm or yarn
- Fordefi API User Token - Get your token here
- Fordefi Public Key - Download from webhook docs
- Hypernative Public Key - Contact Hypernative support for webhook signature validation
- Hypernative Account - Sign up here
-
Clone and navigate
cd api-examples/typescript/webhooks -
Install dependencies
npm install express axios dotenv npm install -D typescript @types/express @types/node ts-node nodemon
-
Initialize TypeScript config
npx tsc --init
-
Environment Variables
Create a.envfile:# Fordefi Configuration FORDEFI_API_USER_TOKEN=your_fordefi_api_token_here FORDEFI_PUBLIC_KEY=your_fordefi_public_key_pem_content_here # Hypernative Configuration (optional - will use file if not provided) HYPERNATIVE_PUBLIC_KEY=your_hypernative_public_key_pem_content_here # Server Configuration PORT=8080
-
Public Key Setup
The server supports loading public keys from both environment variables and files:Option A: Environment Variables (Recommended for production)
FORDEFI_PUBLIC_KEY=-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkq...\n-----END PUBLIC KEY----- HYPERNATIVE_PUBLIC_KEY=-----BEGIN PUBLIC KEY-----\nMFkwEwYHKo...\n-----END PUBLIC KEY-----
Option B: Key Files (Good for development)
# Create keys directory mkdir keys # Save Fordefi public key # Download from: https://docs.fordefi.com/developers/webhooks#validate-a-webhook # Save as: keys/fordefi_public_key.pem # Save Hypernative public key # Contact Hypernative support to get this key # Save as: keys/hypernative_public_key.pem
-
Package.json Scripts
Add these scripts to yourpackage.json:{ "scripts": { "dev": "nodemon --exec ts-node app.ts", "build": "tsc", "start": "node dist/app.js" } }
npm run devnpm run build
npm startnpx ts-node app.ts| Method | Endpoint | Description |
|---|---|---|
GET |
/health |
Health check endpoint |
POST |
/ |
Main webhook endpoint for Fordefi events |
POST |
/hypernative |
Webhook endpoint for Hypernative security alerts |
- Signature Verification - Validates
X-Signatureheader using ECDSA P-256 - Event Processing - Parses webhook payload and extracts transaction data
- Logging - Logs complete transaction event details
- Response - Returns success confirmation
- Header Extraction - Retrieves
fordefi-transaction-idfrom headers - Signature Verification - Validates
digitalSignaturefrom request body using ECDSA P-256 - Alert Processing - Parses risk insight data and security alerts
- Logging - Logs detailed security alert information
- Response - Returns success confirmation with transaction ID
Content-Type: application/json
fordefi-transaction-id: d8f907cd-438a-45b4-a22c-0851338a7678{
"id": "unique-webhook-message-id",
"data": "{...JSON string containing riskInsight data...}",
"digitalSignature": "MEYCIQCLpMfKwuubxs73AZ4l58+MGmpjVViiBiHOq5iDhQlc+Q..."
}{
"id": "transaction_id_here",
"status": "completed",
"blockchain": "ethereum",
"type": "transfer",
// ... additional transaction data
}-
Install ngrok
# Install ngrok: https://ngrok.com/download -
Start your webhook server
npm run dev
-
Expose locally with ngrok
ngrok http 8080
-
Configure Fordefi Webhook
- Go to Fordefi Console → Settings → Webhooks
- Add webhook URL:
https://your-ngrok-url.ngrok.io/ - Save and test
fordefi-webhooks/
├── app.ts # Main application file
├── package.json # Dependencies and scripts
├── tsconfig.json # TypeScript configuration
├── .env # Environment variables (optional)
├── keys/ # Public keys directory
│ ├── fordefi_public_key.pem # Fordefi webhook signature validation
│ └── hypernative_public_key.pem # Hypernative webhook signature validation
└── README.md # This file
| Variable | Required | Description |
|---|---|---|
FORDEFI_API_USER_TOKEN |
No* | Your Fordefi API access token (for API calls) |
FORDEFI_PUBLIC_KEY |
No* | Fordefi public key PEM content (fallback to file) |
HYPERNATIVE_PUBLIC_KEY |
No* | Hypernative public key PEM content (fallback to file) |
PORT |
No | Server port (default: 8080) |
*Required only if not using key files
- Login to Hypernative Platform
- Navigate to Channels → Add Channel → Webhook
- Set webhook URL:
https://your-domain.com/hypernative - Configure any additional headers if needed
- In Hypernative, go to Channels → Add Channel → Fordefi
- Enter your webhook URL:
https://your-domain.com/hypernative - Configure the
fordefi-transaction-idheader with your prepared transaction ID - Connect this channel to your Watchlists or Custom Agents
- Create a test alert in Hypernative
- Verify the webhook receives the alert with proper signature validation
- Check logs for successful processing
- ✅ ECDSA P-256 Signature Verification for both Fordefi and Hypernative webhooks
- ✅ Environment Variable Support for secure key management
- ✅ Fallback to File Keys for development environments
- ✅ Request Validation with proper error handling
- ✅ Detailed Logging for debugging and monitoring
📚 Documentation Links:
Fordefi:
Hypernative: