Creating Webhook Handlers
Overview
Create secure webhook receiver endpoints with HMAC signature verification, idempotent event processing, and automatic retry handling. Support ingestion from providers like Stripe, GitHub, Twilio, and Slack with provider-specific signature validation schemes and payload parsing.
Prerequisites
- Web framework with raw body access (Express with express.raw(), FastAPI with Request.body())
- Webhook provider credentials: signing secret or shared secret key
- Persistent storage for idempotency tracking (Redis or database table for processed event IDs)
- Queue system for async processing (optional: Bull, Celery, SQS)
- ngrok or similar tunnel for local development testing
Instructions
- Examine existing route definitions and middleware using Grep and Read to identify where webhook endpoints integrate into the application.
- Create a dedicated webhook route (e.g., POST /webhooks/:provider) that captures the raw request body before any JSON parsing middleware runs.
- Implement HMAC-SHA256 signature verification by computing HMAC(rawbody, signingsecret) and comparing against the provider's signature header (X-Hub-Signature-256, Stripe-Signature, X-Twilio-Signature).
- Add idempotency protection by storing processed event IDs (e.g., evt_xxx) in Redis or a database table, rejecting duplicates with 200 OK to prevent provider retries.
- Parse the event type from the payload (event.type, action, EventType) and route to the appropriate handler function using a dispatch map.
- Respond with 200 OK immediately, then enqueue the event payload for asynchronous processing to avoid webhook timeout failures.
- Implement dead-letter handling for events that fail processing after maximum retry attempts, logging the full payload for manual inspection.
- Write tests that replay recorded webhook payloads with valid and tampered signatures to verify acceptance and rejection behavior.
See ${CLAUDESKILLDIR}/references/implementation.md for the full implementation guide.
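The verification, idempotency and dispatch steps above, as an added example that is not the receiver.js or verify.js this guide generates. It assumes a constructed provider that sends a "sha256=<hex>" header in the style of X-Hub-Signature-256 and carries id and type in the JSON body; the in-memory Set and array stand in for Redis and the queue, and the secret, handler names and payload are constructed.

```javascript
const crypto = require('node:crypto');

const processedIds = new Set(); // stand-in for Redis or a DB table of event IDs
const queue = [];               // stand-in for Bull/Celery/SQS

// Dispatch map; a Map avoids matching inherited keys such as "constructor".
const handlers = new Map([
  ['invoice.paid', (e) => `paid:${e.data.invoice}`],
  ['ping', () => 'pong'],
]);

// Check a "sha256=<hex>" header against HMAC-SHA256 of the raw body bytes.
function verifySignature(rawBody, header, secret) {
  if (typeof header !== 'string' || !header.startsWith('sha256=')) return false;
  const expected = crypto.createHmac('sha256', secret).update(rawBody).digest();
  const received = Buffer.from(header.slice('sha256='.length), 'hex');
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  return received.length === expected.length &&
    crypto.timingSafeEqual(received, expected);
}

// Returns the HTTP status the route would send plus what was done.
function receive(rawBody, header, secret) {
  if (!verifySignature(rawBody, header, secret)) return { status: 401, action: 'rejected' };
  const event = JSON.parse(rawBody.toString('utf8')); // parse only after verifying
  if (processedIds.has(event.id)) return { status: 200, action: 'duplicate' };
  processedIds.add(event.id); // recorded only for authenticated events
  if (!handlers.has(event.type)) return { status: 200, action: 'ignored' };
  queue.push(event); // acknowledged now, handled later by drain()
  return { status: 200, action: 'queued' };
}

// Worker side: run the matching handler for every queued event.
function drain() {
  return queue.splice(0).map((e) => handlers.get(e.type)(e));
}

// Constructed sample delivery and secret.
const SECRET = 'whsec_constructed_example';
const BODY = Buffer.from('{"id":"evt_001","type":"invoice.paid","data":{"invoice":"in_42"}}');
const sign = (body, secret) =>
  'sha256=' + crypto.createHmac('sha256', secret).update(body).digest('hex');
```

Stripe-Signature and X-Twilio-Signature do not sign the raw body alone (Stripe signs the timestamp joined to the payload, Twilio uses HMAC-SHA1 over the URL and form parameters), so each needs its own verifier in place of verifySignature.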
Output
${CLAUDESKILLDIR}/src/webhooks/receiver.js - Webhook endpoint with signature verification
${CLAUDESKILLDIR}/src/webhooks/handlers/ - Per-event-type handler functions
${CLAUDESKILLDIR}/src/webhooks/verify.js - HMAC signature verification utilities
${CLAUDESKILLDIR}/src/webhooks/idempotency.js - Duplicate event detection logic
${CLAUDESKILLDIR}/src/queues/webhook-processor.js - Async event processing queue worker
${CLAUDESKILLDIR}/tests/webhooks/ - Re