To enable webhooks, go to the developer dashboard to configure your webhook URLs

The X-Noonlight-Signature header will be on all webhook requests. It is a Base64 encoded HMAC authentication code generated using the SHA-256 hashing algorithm and your webhook secret.

Simple example of verification in Node.js:

import http from 'http'
import express from 'express'
import bodyParser from 'body-parser'
import { createHmac } from 'crypto'
const app = express()
app.server = http.createServer(app)
app.use(bodyParser.json())'/webhook', (req, res) => {
  const webhookSecret = 'somesecret'
  const signature = createHmac('sha256', webhookSecret)
  if (signature === req.get('X-Noonlight-Signature')) {
    return res.sendStatus(200)
app.server.listen(process.env.PORT, () => {
  console.log(`Started on port ${app.server.address().port}`)
export default app