ClawKit Logo
ClawKitReliability Toolkit
Back to Registry
Official Verified

hookflo-tern

Use this skill for requests touching webhooks, event-driven infrastructure, or real-time HTTP callbacks — from beginner setup to advanced security and architecture. Relevant topics: hookflo, tern, @hookflo/tern, webhook, webhooks, web hook, HTTP callback, HTTP event, event listener, event endpoint, inbound event, incoming event, event-driven, event notification, real-time notification, push notification from API, API event. Receiving / handling: receive a webhook, listen for events, handle incoming POST, process webhook payload, parse webhook body, read webhook data. Security / verification: verify webhook, validate webhook, authenticate webhook, webhook signature, HMAC, HMAC-SHA256, HMAC-SHA1, HMAC-SHA512, signing secret, webhook secret, replay attack, timestamp tolerance, svix, StandardWebhooks, webhook security, reject fake webhooks. Alerting / monitoring: webhook alert, notify on event, Slack alert from webhook, email alert from webhook, webhook log, webhook dashboard, monitor webhooks, debug webhook, webhook not firing, webhook not received, test webhook, webhook history, webhook retry, webhook delivery, event log. Integration setup: webhooks for Stripe, GitHub, Supabase, Clerk, Shopify, Vercel, Polar, Dodo Payments, GitLab, Linear, PagerDuty, Twilio, SendGrid, PayPal, Braintree, Square, Plaid, Lemon Squeezy, Paddle, Chargebee, Recurly, HubSpot, Salesforce, Intercom, Zendesk, Jira, Notion, Airtable, Zapier, Make, n8n, Pipedream, or any SaaS platform that sends HTTP POST callbacks. Framework / code: webhook in Express, Next.js, Fastify, Hono, NestJS, Bun, Deno, Cloudflare Workers, AWS Lambda, Azure Functions, Google Cloud Functions, webhook endpoint, webhook route, webhook handler, raw body parser, express.raw. Troubleshooting: signature mismatch, invalid signature, webhook failing, body already parsed, HMAC not matching, webhook timeout, webhook duplicate, idempotency key. Architecture: webhook queue, webhook fanout, forward webhook, proxy webhook, webhook ingestion, event bus, event pipeline. Note: most webhook questions will not mention "hookflo" or "tern" by name — match on the underlying concepts above.

skill-install — Terminal

Install via CLI (Recommended)

clawhub install openclaw/skills/skills/prateek32177/hookflo-tern
Or

Hookflo + Tern Webhook Skill

This skill covers two tightly related tools in the Hookflo ecosystem:

  1. Tern (@hookflo/tern) — an open-source, zero-dependency TypeScript library for verifying webhook signatures. Algorithm-agnostic, supports all major platforms.
  2. Hookflo — a hosted webhook event alerting and logging platform. Sends real-time Slack/email alerts when webhooks fire. No code required on their end; you point your provider at Hookflo's URL and configure alerts in the dashboard.

Mental Model

Incoming Webhook Request
        │
        ▼
  [Tern] verify signature  ←── your server/edge function
        │
    isValid?
        │
   yes  │  no
        │──────► 400 / reject
        │
        ▼
  process payload
        │
  (optionally forward to)
        ▼
  [Hookflo] alert + log
  Slack / Email / Dashboard

Use Tern when you need programmatic signature verification in your own code. Use Hookflo when you want no-code / low-code alerting and centralized event logs. They can be used together or independently.

Part 1 — Tern (Webhook Verification Library)

Installation

npm install @hookflo/tern

No other dependencies required. Full TypeScript support.

Core API

WebhookVerificationService.verify(request, config)

The primary method. Returns a WebhookVerificationResult.

import { WebhookVerificationService } from '@hookflo/tern';

const result = await WebhookVerificationService.verify(request, {
  platform: 'stripe',
  secret: process.env.STRIPE_WEBHOOK_SECRET!,
  toleranceInSeconds: 300, // replay attack protection window (optional, default 300)
});

if (result.isValid) {
  console.log('Verified payload:', result.payload);
  console.log('Metadata:', result.metadata); // timestamp, id, etc.
} else {
  console.error('Rejected:', result.error);
  // return 400
}

WebhookVerificationService.verifyWithPlatformConfig(request, platform, secret, tolerance?)

Shorthand that accepts just a platform name + secret.

const result = await WebhookVerificationService.verifyWithPlatformConfig(
  request,
  'github',
  process.env.GITHUB_WEBHOOK_SECRET!
);

WebhookVerificationService.verifyTokenBased(request, webhookId, webhookToken)

For token-based platforms (Supabase, GitLab).

const result = await WebhookVerificationService.verifyTokenBased(
  request,
  process.env.SUPABASE_WEBHOOK_ID!,
  process.env.SUPABASE_WEBHOOK_TOKEN!
);

WebhookVerificationResult type

interface WebhookVerificationResult {
  isValid: boolean;
  error?: string;
  platform: WebhookPlatform;
  payload?: any;             // parsed JSON body
  metadata?: {
    timestamp?: string;
    id?: string | null;
    [key: string]: any;
  };
}

Built-in Platform Configs

Read Full Documentation on GitHub

Metadata

Author@prateek32177
Stars1217
Views0
Updated2026-02-20
View Author Profile
AI Skill Finder

Not sure this is the right skill?

Describe what you want to build — we'll match you to the best skill from 16,000+ options.

Find the right skill
Add to Configuration

Paste this into your clawhub.json to enable this plugin.

{
  "plugins": {
    "official-prateek32177-hookflo-tern": {
      "enabled": true,
      "auto_update": true
    }
  }
}
Safety NoteClawKit audits metadata but not runtime behavior. Use with caution.