Tern
Reliable inbound webhooks across 15+ platforms.
Start new thread
Prateek Jain

Tern - Reliable inbound webhooks across 15+ platforms.

by
Tern is an open-source SDK that handles webhook verification across 15+ platforms — Stripe, GitHub, Clerk, Shopify and more in just a few lines of code. No boilerplate. No silent failures.Switch platforms without rewriting verification logic. Includes automatic retries, Slack/Discord alerts, and a dead-letter queue so no event disappears quietly. MIT licensed. Zero dependencies. Your secrets stay on your server.

Add a comment

Replies

Best
Prateek Jain
Maker
📌

Hey PH 👋 maker here.

Let me share why Tern exists.

The breaking point

While building Hookflo, I integrated Stripe, Clerk, WorkOS, Sentry, GitHub.

Every one had its own:

  • signature algorithm

  • headers

  • verification quirks

Each integration meant writing a new verification layer from scratch.

And the worst bugs here are the silent ones.

  • One wrong header name → HMAC verification passes garbage data

  • One pre-parsed JSON body → crypto verification breaks

I lost hours debugging this the first time. You probably have too.

At some point I thought:

Why am I solving this problem over and over again?

So I abstracted it once properly for everyone.

What Tern solves

  • Raw body parsing hell

    Most frameworks parse JSON before your handler runs.

    That breaks HMAC verification.

    Tern handles raw body access correctly across:

    Next.js • Express • Cloudflare Workers • Hono

  • Boilerplate per provider

    Stripe verification code
    Clerk verification code
    GitHub verification code

    Different algorithms. Different headers.

    Tern collapses all of this into a few lines of code.

  • “Verified but lost”

    Signature is valid. Your handler throws.

    Provider retries.

    Now you either:

    process the event twice or lose it entirely

    Tern adds a reliability layer to prevent that.

  • Localhost testing pain

    Testing webhooks locally usually means:

  1. ngrok

  2. Cloudflare Tunnel

  3. provider-specific CLIs

Just to receive a POST request.

Tern reduces a lot of that friction.

Reliability layer

After solving verification, the next request developers had was reliability.

So I added an optional reliability layer powered by Upstash QStash.

• automatic retries
• deduplication
• dead-letter queue
• programmatic replay
• Slack & Discord alerts

Enable it with one line.

BYOK model — use your own Upstash account.

Tern stays free and open source.

What’s inside

✅ 15+ platforms
Stripe, Clerk, GitHub, Shopify, Polar, Razorpay, Replicate, Fal AI, WorkOS, LemonSqueezy, Paddle, Doppler, Sentry, Grafana, GitLab, Vercel + custom HMAC

✅ Zero dependencies
Pure TypeScript using the Web Crypto API

✅ Timing-safe verification by default

✅ Switch providers at runtime

✅ Guaranteed delivery
Retries • exponential backoff • DLQ • deduplication

✅ Slack & Discord alerting

✅ MIT licensed
Self-hostable. Tern stores zero keys.

Goal: absorb every webhook pain so developers don’t have to.

⭐ If you like it, a GitHub star means a lot.

Feedback, platform requests, webhook war stories — drop them below.