Using node:crypto on the http handler of an app to verify the signature of incoming requests
Hello, I'm implementing a http handler for my YouTrack app that will receive requests from a 3rd party service. As a good practice, it is important to verify the request's signature. This involves using node:crypto:
const {createHmac} = require('node:crypto');
However, when I upload my app, YouTrack gives me an error message saying the library is not available.
Is there no way at all to import this library?
Copying the contents of the node library into my app does not seem very practical. Plus, this looks like a very standard practice for verifying the authenticity of incoming requests. Is there an alternate method to do this on a http handler in YT apps?
Please sign in to leave a comment.
Hello F.B.,
The node:crypto module is not available because YouTrack Apps run in a GraalVM environment, not Node.js — so Node.js standard libraries cannot be used.
That said, you can use a third-party library for signature verification, provided it is packaged along with the rest of your app code.
Please feel free to reach out if you have any questions!