DEV Community: Reinvoice LLC The latest articles on DEV Community by Reinvoice LLC (@reinvoice). https://dev.to/reinvoice https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3971655%2F03ced65a-b340-433d-b230-53d627c79a48.png DEV Community: Reinvoice LLC https://dev.to/reinvoice en How We Built Cryptographic Invoice Signatures for a SaaS Invoicing Platform Reinvoice LLC Sat, 06 Jun 2026 18:21:00 +0000 https://dev.to/reinvoice/how-we-built-cryptographic-invoice-signatures-for-a-saas-invoicing-platform-1mia https://dev.to/reinvoice/how-we-built-cryptographic-invoice-signatures-for-a-saas-invoicing-platform-1mia <h1> How Reinvoice Uses HMAC Signatures to Detect Invoice Tampering </h1> <p>Every invoice sent through Reinvoice includes a cryptographic integrity signature.</p> <p>It is not a PDF stamp, a visual badge, or a checkbox. It is an HMAC-SHA256 hash generated from the invoice payload and a server-side signing secret. If signed invoice data changes after creation, Reinvoice can recompute the hash, compare it to the stored signature, and flag the invoice as potentially tampered with.</p> <p>Here is why we built it, how it works, and what we learned.</p> <h2> Why Integrity Checks Matter for Invoicing </h2> <p>Invoices are high-value documents. A single altered field could change a payment amount, tax calculation, client record, or audit trail.</p> <p>Most invoicing systems treat invoices as ordinary database records. That works for normal CRUD workflows, but it does not automatically prove that the invoice data being viewed today is the same data that was created and sent.</p> <p>Reinvoice adds an integrity layer.</p> <p>When an invoice is created, we sign the fields that define the invoice. Later, when someone verifies the invoice, we recompute the signature from the current data and compare it against the original stored signature. If the values do not match, the invoice is flagged.</p> <h2> The Implementation </h2> <p>The signature is stored in two places: on the invoice record in the database, and behind a public verification endpoint.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">createHmac</span><span class="p">,</span> <span class="nx">timingSafeEqual</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">node:crypto</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">SIGNATURE_FIELDS</span> <span class="o">=</span> <span class="p">[</span> <span class="dl">'</span><span class="s1">invoiceNumber</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">issuerName</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">clientName</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">totalAmount</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">currency</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">taxAmount</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">issuedAt</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">dueDate</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">lineItems</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">notes</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">subtotal</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">discountAmount</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">shippingAmount</span><span class="dl">'</span><span class="p">,</span> <span class="p">]</span> <span class="k">as</span> <span class="kd">const</span><span class="p">;</span> <span class="k">export</span> <span class="kd">function</span> <span class="nf">generateInvoiceHash</span><span class="p">(</span><span class="nx">invoice</span><span class="p">:</span> <span class="nx">InvoiceData</span><span class="p">):</span> <span class="kr">string</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">payload</span> <span class="o">=</span> <span class="nx">SIGNATURE_FIELDS</span><span class="p">.</span><span class="nf">map</span><span class="p">((</span><span class="nx">field</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">value</span> <span class="o">=</span> <span class="nx">invoice</span><span class="p">[</span><span class="nx">field</span> <span class="k">as</span> <span class="kr">keyof</span> <span class="nx">InvoiceData</span><span class="p">];</span> <span class="k">return</span> <span class="s2">`</span><span class="p">${</span><span class="nx">field</span><span class="p">}</span><span class="s2">=</span><span class="p">${</span><span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">(</span><span class="nx">value</span><span class="p">)}</span><span class="s2">`</span><span class="p">;</span> <span class="p">}).</span><span class="nf">join</span><span class="p">(</span><span class="dl">'</span><span class="s1">|</span><span class="dl">'</span><span class="p">);</span> <span class="k">return</span> <span class="nf">createHmac</span><span class="p">(</span><span class="dl">'</span><span class="s1">sha256</span><span class="dl">'</span><span class="p">,</span> <span class="nx">SIGNING_SECRET</span><span class="p">)</span> <span class="p">.</span><span class="nf">update</span><span class="p">(</span><span class="nx">payload</span><span class="p">)</span> <span class="p">.</span><span class="nf">digest</span><span class="p">(</span><span class="dl">'</span><span class="s1">hex</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>The verification endpoint accepts an invoice identifier or verification token, loads the invoice, recomputes the hash, and checks whether the stored signature still matches the current invoice data.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">export</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">verifyInvoiceSignature</span><span class="p">(</span><span class="nx">invoiceId</span><span class="p">:</span> <span class="kr">string</span><span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="nx">boolean</span><span class="o">&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">invoice</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">db</span><span class="p">.</span><span class="nx">query</span><span class="p">.</span><span class="nx">invoices</span><span class="p">.</span><span class="nf">findFirst</span><span class="p">({</span> <span class="na">where</span><span class="p">:</span> <span class="nf">eq</span><span class="p">(</span><span class="nx">invoices</span><span class="p">.</span><span class="nx">id</span><span class="p">,</span> <span class="nx">invoiceId</span><span class="p">),</span> <span class="p">});</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">invoice</span><span class="p">?.</span><span class="nx">signatureHash</span><span class="p">)</span> <span class="k">return</span> <span class="kc">false</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">expectedHash</span> <span class="o">=</span> <span class="nf">generateInvoiceHash</span><span class="p">(</span><span class="nx">invoice</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">actual</span> <span class="o">=</span> <span class="nx">Buffer</span><span class="p">.</span><span class="k">from</span><span class="p">(</span><span class="nx">invoice</span><span class="p">.</span><span class="nx">signatureHash</span><span class="p">,</span> <span class="dl">'</span><span class="s1">hex</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">expected</span> <span class="o">=</span> <span class="nx">Buffer</span><span class="p">.</span><span class="k">from</span><span class="p">(</span><span class="nx">expectedHash</span><span class="p">,</span> <span class="dl">'</span><span class="s1">hex</span><span class="dl">'</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">actual</span><span class="p">.</span><span class="nx">length</span> <span class="o">!==</span> <span class="nx">expected</span><span class="p">.</span><span class="nx">length</span><span class="p">)</span> <span class="k">return</span> <span class="kc">false</span><span class="p">;</span> <span class="k">return</span> <span class="nf">timingSafeEqual</span><span class="p">(</span><span class="nx">actual</span><span class="p">,</span> <span class="nx">expected</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>We use <code>timingSafeEqual</code> instead of a normal string comparison because signature comparison should not leak useful timing information to an attacker.</p> <h2> Why HMAC Instead of Public-Key Signatures? </h2> <p>HMAC-SHA256 is a good fit for our current use case because verification is server-mediated. The signing secret stays on the Reinvoice server, and recipients verify invoices through a public endpoint rather than verifying locally inside the PDF.</p> <p>That gives us a few practical benefits:</p> <ol> <li>The signing secret never needs to be distributed to clients.</li> <li>There is no certificate chain, expiration, or renewal process to manage.</li> <li>The signature is small and easy to store.</li> <li>Verification can be integrated directly into the invoice page.</li> </ol> <p>The tradeoff is that verification requires Reinvoice to be online. You cannot independently verify the invoice offline with only the PDF. If we ever need offline verification, we would add public-key signatures alongside the current HMAC-based integrity check.</p> <h2> Where the Signature Appears </h2> <p>Every invoice page includes a verification badge:</p> <blockquote> <p>Signed: This invoice was cryptographically verified by Reinvoice.</p> </blockquote> <p>When someone clicks “Verify signature,” Reinvoice checks the stored signature against the current invoice data. If the values match, the invoice is shown as authentic and unchanged. If they do not match, the badge changes state and the mismatch is logged for investigation.</p> <h2> Lessons Learned </h2> <h3> 1. Sign structured data, not rendered PDFs </h3> <p>Our first approach was too close to the PDF generation step. That made verification fragile because small rendering differences could change the final PDF bytes.</p> <p>Signing the structured invoice payload is more reliable. The invoice data is the source of truth, so that is what we protect.</p> <h3> 2. Be explicit about signed fields </h3> <p>The field list matters. If a field affects the invoice total, tax amount, payment expectations, or client-facing record, it should be considered for signing.</p> <p>We learned this when reviewing fields like <code>discountAmount</code> and <code>shippingAmount</code>. Leaving out financial fields creates gaps where invoice data could change without invalidating the signature.</p> <h3> 3. Separate immutable invoice data from changing workflow state </h3> <p>Some fields change naturally after an invoice is sent. Payment status is a good example. An invoice may move from <code>sent</code> to <code>paid</code> without meaning the original invoice was tampered with.</p> <p>For that reason, the signed payload should focus on the invoice data that should remain stable after sending. Workflow state can be tracked separately in the audit log.</p> <h3> 4. Public verification needs rate limits </h3> <p>The verification endpoint is intentionally public because clients receiving invoices by email should not need a Reinvoice account to verify authenticity.</p> <p>Public does not mean unlimited. The endpoint should still be rate-limited, use non-guessable verification tokens where possible, and avoid exposing sensitive invoice details.</p> <h3> 5. Log failures carefully </h3> <p>Verification failures are useful signals. They can reveal tampering attempts, data corruption, serialization bugs, or migration issues.</p> <p>We log signature mismatches for audit and debugging, but we avoid exposing sensitive details in public responses.</p> <h2> The Full Picture </h2> <p>HMAC signatures are one layer in Reinvoice’s broader invoice integrity system.</p> <p>Combined with tax calculation, payment tracking, and audit logs, they help freelancers and contractors trust that the invoice they created is the same invoice their client sees later.</p> <p>For a document tied to income, taxes, and client records, that trust matters.</p> webdev security typescript saas