Best fit
Implementation prep when the buyer needs a usable config, snippet, payload, scope plan, or receiver scaffold.
Free tool
Generate Node or Python webhook handlers with signature verification for unlimitedcodex events.
Tool strategy
Generate Node or Python webhook handlers with signature verification for unlimitedcodex events. The tool is useful before checkout because it helps buyers make one specific OpenAI-compatible API access decision without sharing private secrets.
Implementation prep when the buyer needs a usable config, snippet, payload, scope plan, or receiver scaffold.
A copyable starter artifact the buyer can adapt to the delivered base URL, API key, and model IDs.
Apply the generated artifact, verify it with the relevant docs, then request setup delivery through a paid package.
Tool citation bundle
Create OpenAI-compatible snippets, scopes, request payloads, webhook handlers, or environment files. Specific tool: Generate Node or Python webhook handlers with signature verification for unlimitedcodex events.
Use only non-secret planning inputs. Do not paste raw API keys, bearer tokens, full auth headers, private logs, customer data, or billing screenshots. Generated snippets should use placeholders for BASE_URL, API_KEY, model IDs, webhook secrets, and environment variables.
// unlimitedcodex webhook receiver — Node.js / Next.js App Router
// Signature verification notes:
// - Header: x-ucx-signature (format: t=<unix>,v1=<hex>)
// - Signed payload: `${timestamp}.${rawBody}`
// - Secret env var: UCX_WEBHOOK_SECRET (whsec_ucx_*)
// - Reject timestamps outside a 300s tolerance window.
import { createHmac, timingSafeEqual } from "crypto";
const SIGNATURE_TOLERANCE_SECONDS = 300;
function verifyWebhookSignature(rawBody: string, signatureHeader: string, secret: string) {
const parts = Object.fromEntries(
signatureHeader.split(",").map((part) => {
const [key, value] = part.split("=");
return [key, value];
})
);
const timestamp = Number(parts.t);
const signature = parts.v1;
if (!Number.isInteger(timestamp) || !signature) {
return false;
}
if (Math.abs(Math.floor(Date.now() / 1000) - timestamp) > SIGNATURE_TOLERANCE_SECONDS) {
return false;
}
const signedPayload = `${timestamp}.${rawBody}`;
const expected = createHmac("sha256", secret).update(signedPayload).digest("hex");
const left = Buffer.from(expected, "hex");
const right = Buffer.from(signature, "hex");
return left.length === right.length && timingSafeEqual(left, right);
}
async function recordWebhookEvent(eventId: string, eventType: string) {
// Persist event.id before side effects so retries stay idempotent.
// Return false when this delivery was already processed.
return true;
}
export async function POST(request: Request) {
const rawBody = await request.text();
const signature = request.headers.get("x-ucx-signature") ?? "";
const secret = process.env.UCX_WEBHOOK_SECRET;
if (!secret || !verifyWebhookSignature(rawBody, signature, secret)) {
return new Response("Invalid signature", { status: 400 });
}
const event = JSON.parse(rawBody) as {
id: string;
type: string;
created: string;
data: Record<string, unknown>;
};
const isNew = await recordWebhookEvent(event.id, event.type);
if (!isNew) {
return Response.json({ received: true, duplicate: true });
}
switch (event.type) {
case "usage.threshold_reached": {
// Pause expensive jobs, notify account owners, or refresh quota dashboards.
await handleUsageThreshold(event.data);
break;
}
case "subscription.updated": {
// Refresh local entitlements, package slug, and billing period metadata.
await syncSubscriptionState(event.data);
break;
}
case "api_key.revoked": {
// Invalidate cached credentials and alert the owning team.
await revokeCachedApiKey(event.data);
break;
}
default:
// Ignore unselected event types safely.
break;
}
return Response.json({ received: true });
}Related tools
Migration Generator
Generate or transform OpenAI SDK snippets to unlimitedcodex base URL, keys, and scopes.
Open toolScope Configurator
Select workloads and output least-privilege scopes, .env.example, and a rotation checklist.
Open toolRequest Builder
Build chat completion JSON visually and export cURL, JavaScript, or Python snippets.
Open toolChoose Unlimited Weekly or Unlimited Monthly, complete Stripe checkout, and receive manual setup in 10 minutes to 5 hours. The full API key arrives by email, while the dashboard safely shows delivery details.