Overview
The Discord Verifier node is designed to verify the authenticity of incoming Discord webhook requests by validating their digital signature. It uses the public key from a Discord bot and checks that the signature sent with the webhook matches the expected signature for the given payload and timestamp. This ensures that the webhook data has not been tampered with and truly originates from Discord.
This node is beneficial in scenarios where you want to securely process Discord interactions or events, such as slash commands or message components, and need to confirm that the data received is legitimate before proceeding with further workflow actions.
Practical example:
You receive a webhook from a Discord bot interaction. Before processing the command or event data, you use this node to verify the signature using the bot’s public key, the provided signature, and timestamp. If verification passes, you can safely trust and handle the payload.
Properties
| Name | Meaning |
|---|---|
| Public Key | The public key from your Discord bot page used to verify the webhook signature. |
| Signature | The signature string sent by the Discord webhook that needs to be verified. |
| Timestamp | The timestamp string sent by the Discord webhook, used as part of the signature verification. |
| Input Binary Field | The name of the input binary field containing the raw body data from the webhook (e.g., "data"). |
Output
The node outputs the original input data with an additional boolean property verified added to the JSON output. This property indicates whether the signature verification succeeded (true) or failed (false).
Example output JSON structure:
{
"verified": true,
// ... other original JSON properties from the webhook payload
}
If the node encounters an error during verification and is configured to continue on failure, it will output an error object alongside the original data.
Dependencies
- Uses the
tweetnacllibrary for cryptographic signature verification. - Requires the raw webhook body data to be available as a binary input field.
- Needs the Discord bot's public key, the signature, and the timestamp from the webhook request.
- No external API calls are made; all verification is done locally within the node.
Troubleshooting
- Missing or incorrect binary input field: If the specified binary field does not exist or is empty, the node will skip verification for that item.
- Invalid public key, signature, or timestamp: Verification will fail if any of these inputs are incorrect or malformed.
- Error messages:
- Errors related to missing binary data or invalid parameters will cause the node to throw exceptions unless "Continue On Fail" is enabled.
- Cryptographic verification errors typically indicate mismatched keys or corrupted data.
- To resolve issues, ensure that the public key matches the one from your Discord bot, the signature and timestamp come directly from the webhook headers, and the raw body data is correctly captured in the specified binary field.
Links and References
- Discord Developer Portal - Interactions and Webhooks
- TweetNaCl.js GitHub Repository - The cryptographic library used for signature verification