Inbound · receive
Configure once, per source
import { Postel, Secret, Keyset } from "@postel/core";
import { config } from "./config.js";
export const postel = Postel({
inbound: {
stripe: {
verify: Secret(config.stripeSecret),
},
// rotate keys with zero downtime — accept either during the window
github: {
verify: [Secret(config.githubSecretNew), Secret(config.githubSecretOld)],
},
// or verify asymmetric signatures straight from a JWKS endpoint
partner: {
verify: Keyset({ jwksUri: "https://partner.example/jwks" }),
},
},
});- ›HMAC v1 + Ed25519 v1a signatures
- ›JWKS consumer — caching, auto-refresh
- ›Multi-secret rotation windows
- ›Idempotent dedup (Postgres / SQLite / memory)
- ›Raw-bytes preservation
- ›Typed errors that name the failed step