Discord Signature Validator icon

Discord Signature Validator

Validates Discord ED25519 request signatures

Overview

This node validates Discord request signatures using the ED25519 algorithm. It is designed to verify that incoming HTTP requests genuinely originate from Discord by checking their cryptographic signature against a known public key. This validation is crucial for security when building Discord bots or integrations that rely on webhook events or interaction callbacks.

Typical use cases include:

  • Ensuring that incoming Discord interaction payloads are authentic before processing commands.
  • Securing webhook endpoints by rejecting forged or tampered requests.
  • Debugging and verifying signature correctness during development of Discord applications.

Properties

Name Meaning
Public Key (hex) The Discord application's public key in hexadecimal format (without "0x" prefix).
Signature (hex) The value of the x-signature-ed25519 header from the incoming request, in hex format.
Timestamp The value of the x-signature-timestamp header from the incoming request as a string.
Raw Body The raw, unparsed request body as a string exactly as received from Discord.

Output

The node outputs an array of JSON objects, one per input item, each containing:

  • valid (boolean): Indicates whether the signature verification succeeded (true) or failed (false).
  • signature (string): The original signature string provided for verification.
  • timestamp (string): The timestamp string used in the verification process.
  • messageSample (string): A sample snippet of the raw message body (first 60 characters followed by ellipsis if longer).
  • error (string, optional): If verification fails due to an error, this field contains the error message.

No binary data output is produced by this node.

Dependencies

  • Uses the tweetnacl library for ED25519 signature verification.
  • Requires the user to provide the Discord application's public key and the relevant headers (x-signature-ed25519 and x-signature-timestamp) along with the raw request body.
  • No additional external services or environment variables are required.

Troubleshooting

  • Common issues:

    • Incorrect public key format or value will cause verification to fail.
    • Providing a malformed or incomplete signature or timestamp will result in errors.
    • Passing a parsed or altered request body instead of the exact raw string will invalidate the signature.

  • Error messages:

    • Errors typically arise from invalid buffer conversions or signature verification failures.
    • The node returns an error message in the output JSON under the error field to help diagnose issues.

  • Resolution tips:

    • Ensure the public key is copied exactly as provided by Discord, without any prefixes.
    • Use the exact raw request body string as received, without any parsing or modification.
    • Confirm that the signature and timestamp headers are correctly extracted from the incoming HTTP request.

Links and References

Discussion