A Node.js Express server for receiving and storing Android notification data from the Notification Listener app.
- ✅ Webhook Endpoint - Receives notification data via HTTP POST
- ✅ SQLite Database - Stores notifications and device information
- ✅ API Key Authentication - Optional security layer
- ✅ REST API - Query stored notifications and statistics
- ✅ Health Monitoring - Health check endpoint
- ✅ CORS Support - Cross-origin requests enabled
- ✅ Request Logging - Morgan HTTP request logger
- ✅ Security Headers - Helmet.js security middleware
cd backend
npm installEdit .env file:
PORT=3000
API_KEY=your-secret-api-key# Development (with auto-reload)
npm run dev
# Production
npm startThe server will start on http://localhost:3000
| Method | Endpoint | Description |
|---|---|---|
POST |
/webhook |
Main notification receiver |
POST |
/test |
Test endpoint |
GET |
/health |
Health check |
| Method | Endpoint | Description |
|---|---|---|
GET |
/notifications |
Get stored notifications |
GET |
/devices |
Get registered devices |
GET |
/stats |
Get statistics |
All endpoints (except /health) require the X-API-Key header if API_KEY is configured in .env.
curl -H "X-API-Key: your-secret-api-key" http://localhost:3000/notifications- Set Endpoint URL:
http://your-server:3000/webhook - Set API Key:
your-secret-api-key(optional)
{
"deviceId": "550e8400-e29b-41d4-a716-446655440000",
"packageName": "id.dana",
"appName": "DANA",
"postedAt": "2025-09-01T14:30:24+07:00",
"title": "Payment received",
"text": "Anda menerima Rp 100.000",
"amountDetected": "100000",
"extras": {
"android.title": "Payment received"
}
}{
"success": true,
"message": "Notification received successfully",
"id": 123,
"timestamp": "2025-09-01T07:30:24.000Z"
}curl -H "X-API-Key: your-secret-api-key" \
"http://localhost:3000/notifications?limit=10"curl -H "X-API-Key: your-secret-api-key" \
"http://localhost:3000/notifications?device_id=550e8400-e29b-41d4-a716-446655440000"curl -H "X-API-Key: your-secret-api-key" \
"http://localhost:3000/stats"CREATE TABLE notifications (
id INTEGER PRIMARY KEY AUTOINCREMENT,
device_id TEXT NOT NULL,
package_name TEXT NOT NULL,
app_name TEXT,
posted_at TEXT,
title TEXT,
text TEXT,
sub_text TEXT,
big_text TEXT,
channel_id TEXT,
notification_id INTEGER,
amount_detected TEXT,
extras TEXT,
created_at DATETIME DEFAULT CURRENT_TIMESTAMP
);CREATE TABLE devices (
id INTEGER PRIMARY KEY AUTOINCREMENT,
device_id TEXT UNIQUE NOT NULL,
last_seen DATETIME DEFAULT CURRENT_TIMESTAMP,
total_notifications INTEGER DEFAULT 0,
created_at DATETIME DEFAULT CURRENT_TIMESTAMP
);curl -X POST "http://localhost:3000/test" \
-H "Content-Type: application/json" \
-H "X-API-Key: your-secret-api-key" \
-d '{
"test": true,
"message": "Test notification",
"timestamp": "2025-09-01T07:30:24Z"
}'curl http://localhost:3000/healthnpm install -g pm2
pm2 start server.js --name "notification-backend"
pm2 startup
pm2 saveFROM node:18-alpine
WORKDIR /app
COPY package*.json ./
RUN npm ci --only=production
COPY . .
EXPOSE 3000
CMD ["node", "server.js"]| Variable | Description | Default |
|---|---|---|
PORT |
Server port | 3000 |
API_KEY |
API authentication key | your-secret-api-key |
DB_PATH |
SQLite database path | ./notifications.db |
- Enable API key authentication in production
- Use HTTPS in production
- Consider rate limiting for high-traffic scenarios
- Regularly backup the SQLite database
- Monitor server logs for suspicious activity
-
Database locked error
- Ensure only one server instance is running
- Check file permissions for
notifications.db
-
API key errors
- Verify
.envfile configuration - Check
X-API-Keyheader in requests
- Verify
-
CORS issues
- Modify CORS configuration in
server.js - Check browser developer tools for CORS errors
- Modify CORS configuration in
Server logs include:
- HTTP request details (via Morgan)
- Database operations
- Error messages
- Notification processing info