How does this skill protect against replay attacks?

It implements a timestamp validation check that compares the 'x-exa-timestamp' header against the current time, rejecting any requests older than 5 minutes.

Why is raw body parsing necessary for Exa webhooks?

Cryptographic signature verification requires the exact, unaltered payload. Standard JSON parsers can change whitespace or property ordering, which causes the signature check to fail.

Can I test these webhooks on my local machine?

Yes, the skill includes instructions for using tools like Ngrok to expose your local server and the Exa CLI to trigger test events for debugging.

Is Redis required to use this skill?

No, Redis is optional but recommended for implementing idempotency, which ensures that your application doesn't process the same webhook multiple times if the provider retries the request.

Exa Webhooks & Events

Name: Exa Webhooks & Events
Author: jeremylongshore

byjeremylongshore

•

983

•

API 开发

Implements secure webhook endpoints for Exa with signature validation and idempotent event handling.

This skill provides a standardized approach to implementing and securing Exa webhook notifications in your applications. It includes production-grade patterns for cryptographic signature verification using HMAC-SHA256, replay attack prevention via timestamp checking, and structured event dispatching. By utilizing this skill, developers can quickly set up reliable endpoints that handle Exa resource updates, creations, or deletions while maintaining strict security standards and ensuring data integrity through idempotency patterns.

主要功能

01Idempotent event processing using Redis

02Local testing workflows using Ngrok and CURL

03Replay attack protection via timestamp validation

04983 GitHub stars

05HMAC-SHA256 signature verification logic

06Express.js raw body handling patterns

使用场景

01Securing public API endpoints against unauthorized webhook requests

02Syncing local databases with real-time Exa resource updates

03Triggering automated workflows based on Exa platform notifications

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add jeremylongshore/claude-code-plugins-plus-skills exa-webhooks-events

For use in Claude.ai and ChatGPT

Download Skill