Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: verify signature from event webhook #425

Merged
merged 6 commits into from
Jun 10, 2020
Merged

feat: verify signature from event webhook #425

merged 6 commits into from
Jun 10, 2020

Conversation

eshanholtz
Copy link
Contributor

@eshanholtz eshanholtz commented Jun 8, 2020
edited
Loading

When enabling the "Signed Event Webhook Requests" feature in Mail Settings, Twilio SendGrid will generate a private and public key pair using the Elliptic Curve Digital Signature Algorithm (ECDSA). Once that is successfully enabled, all new event posts will have two new headers: X-Twilio-Email-Event-Webhook-Signature and X-Twilio-Email-Event-Webhook-Timestamp, which can be used to validate your events.

This SDK update will make it easier to verify signatures from signed event webhook requests by using the VerifySignature method. Pass in the public key, event payload, signature, and timestamp to validate. Note: You will need to convert your public key string to an elliptic public key object in order to use the VerifySignature method.

Note: this feature is not available on the JRuby platform, since it does not currently support ECDSA.

@eshanholtz
feat: verify signature from event webhook
381d3ed 
When enabling the "Signed Event Webhook Requests" feature in Mail Settings, Twilio SendGrid will generate a private and public key pair using the Elliptic Curve Digital Signature Algorithm (ECDSA). Once that is successfully enabled, all new event posts will have two new headers: X-Twilio-Email-Event-Webhook-Signature and X-Twilio-Email-Event-Webhook-Timestamp, which can be used to validate your events.

This SDK update will make it easier to verify signatures from signed event webhook requests by using the VerifySignature method. Pass in the public key, event payload, signature, and timestamp to validate. Note: You will need to convert your public key string to an elliptic public key object in order to use the VerifySignature method.
@thinkingserious thinkingserious added the status: code review request requesting a community code review or review from Twilio label Jun 8, 2020
thinkingserious
thinkingserious approved these changes Jun 9, 2020
View reviewed changes
Copy link
Contributor

@thinkingserious thinkingserious left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice!

lib/sendgrid/helpers/eventwebhook/eventwebhook.rb Outdated Show resolved Hide resolved
@childish-sambino
Copy link
Contributor

Example usage needed.

@childish-sambino childish-sambino merged commit b4ee4e1 into master Jun 10, 2020
@childish-sambino childish-sambino deleted the webhook branch June 10, 2020 20:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@thinkingserious thinkingserious thinkingserious approved these changes

@childish-sambino childish-sambino childish-sambino approved these changes

Assignees
No one assigned
Labels
status: code review request requesting a community code review or review from Twilio
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@eshanholtz @childish-sambino @thinkingserious