Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: verify signature from event webhook #969

Merged
merged 1 commit into from
May 29, 2020
Merged

feat: verify signature from event webhook #969

merged 1 commit into from
May 29, 2020

Conversation

childish-sambino
Copy link
Contributor

When enabling the "Signed Event Webhook Requests" feature in Mail Settings, Twilio SendGrid will generate a private and public key pair using the Elliptic Curve Digital Signature Algorithm (ECDSA). Once that is successfully enabled, all new event posts will have two new headers: X-Twilio-Email-Event-Webhook-Signature and X-Twilio-Email-Event-Webhook-Timestamp, which can be used to validate your events.

This SDK update will make it easier to verify signatures from signed event webhook requests by using the VerifySignature method. Pass in the public key, event payload, signature, and timestamp to validate. Note: You will need to convert your public key string to an elliptic public key object in order to use the VerifySignature method.

feat: verify signature from event webhook
bde76ed 
When enabling the "Signed Event Webhook Requests" feature in Mail Settings, Twilio SendGrid will generate a private and public key pair using the Elliptic Curve Digital Signature Algorithm (ECDSA). Once that is successfully enabled, all new event posts will have two new headers: X-Twilio-Email-Event-Webhook-Signature and X-Twilio-Email-Event-Webhook-Timestamp, which can be used to validate your events.

This SDK update will make it easier to verify signatures from signed event webhook requests by using the VerifySignature method. Pass in the public key, event payload, signature, and timestamp to validate. Note: You will need to convert your public key string to an elliptic public key object in order to use the VerifySignature method.
@thinkingserious thinkingserious added the status: code review request requesting a community code review or review from Twilio label May 27, 2020
eshanholtz
eshanholtz approved these changes May 29, 2020
View reviewed changes
Copy link
Contributor

@eshanholtz eshanholtz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

very nice

@childish-sambino childish-sambino merged commit eb22165 into master May 29, 2020
@childish-sambino childish-sambino deleted the event-webhook branch May 29, 2020 16:21
RobertG4M added a commit to RobertG4M/sendgrid-php that referenced this pull request Jan 19, 2021
@RobertG4M
feat: verify signature from event webhook
6e61ab6 
Brings in the changes raised in this PR - sendgrid#969
@RobertG4M RobertG4M mentioned this pull request Jan 19, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@eshanholtz eshanholtz eshanholtz approved these changes

Assignees
No one assigned
Labels
status: code review request requesting a community code review or review from Twilio
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@childish-sambino @eshanholtz @thinkingserious