Signature verification in Express requires the exact raw bytes of the request body before any JSON parsing happens, and a provider's retry policy assumes your endpoint answers within a second or two. On a DenkOps slot the Express app is already running when the request arrives, so there's no cold-start delay pushing you past a provider's retry window.
import express from "express";
import crypto from "node:crypto";
const app = express();
app.post("/hook", express.raw({ type: "*/*" }), (req, res) => {
const sig = req.header("x-signature") ?? "";
const expected = crypto.createHmac("sha256", process.env.WEBHOOK_SECRET!).update(req.body).digest("hex");
if (sig !== expected) return res.sendStatus(401);
const payload = JSON.parse(req.body.toString());
res.json({ ok: true });
});
app.listen(3000);Deploy it: install the plugin, say "deploy on DenkOps", and get a live SSL URL.
Start on DenkOps →Yes, express.raw() gives you the untouched body buffer for HMAC verification, identical to how you'd run Express anywhere else.
No. The slot keeps your Express server running continuously, so there is no cold start for retries to race against.