Oct 17th, 2021
Checking Webhook Signatures

Webhook requests contain a Signature header. The signature can be used to verify that the webhook request is coming from [3P].
Before you can verify signatures, you'll need to retrieve the environment's public key from [our] JWKS endpoint. This returns the current public JSON Web Key Set, which contains one JWK for now.

You'll need to convert the JWK to an RSA Public Key.
  - URL-decode the n parameter and cast it to a BigInteger; this is your modulus
  - URL-decode the e parameter and cast it to a BigInteger; this is your public exponent
  - Then generate the public key using the kty (Key Type)
Once you have the RSA Public Key, you can use it to create an RSA Verifier. With the RSA Verifier:
  - Convert the body to a byte array; and,
  - Base64-decode the Signature header
Then you'll be able to verify that webhook events are genuinely being sent from [3P].

Example
This is an example JSON Web Key (JWK):

{
  "kty": "RSA",
  "kid": "2020-03-18",
  "alg": "RS256",
  "n": "ANV-aocctqt5xDRnqomCgsO9dm4hM0Qd75TqG7z2G5Z89JQ7SRy2ok-fIJRiSU5-JfjPc3uph3gSOXyqlNoEh4YGL2R4AP7jhxy9xv0gDVtj1tExB_mmk8EUbmj8hTIrfAgEJrDeB4qMk7MkkKxhHkhLNEJEPZfgYHcHcuKjp2l_vtpiuR9Ouz0febB9K4gLozrp9KHW2Km0z02-tSurxmmij5nnJCEgp0wXcCS4w4G0jve4hcLlL9FU8HKxrb0d4rMQgM3VAal6yG5pwMdtrsch7xAoccwWFC_tHgpDJGNvOJNFtuk7Cit_aom-6U6ssGF13sUtdrog2ePWjVxc=",
  "e": "AQAB"
}

This is a webhook request whose Signature header, along with the JWK above, can be used to verify the request body:

headers:

Signature: 1IJl6VyKU4pYfqMHUd55QBNq5Etbz5a7DOCkID2Nloay76y4f02w2iMXONlyL/Bx9SkrbivOHW1l1XadkUrd5pKUK1fhpcnItukLrsK5ADQOcuEjSLBg9qJffZYooXfc7hOD/fV0sN33W2vBYJspbR3P766DwG/6IO/20f9t/DcSWa79EFZPMnsCicEArNS3iIYBtdZSX5ta5EETt7S8acHbpIlSDrTcYpo0vuz19LQ6SPQqN2LGdR+U7ZOiUQWdfMXhUgE7w94pHQzcOq1IHfw3CylUEcRR/DhrGqs4mBaagO6JpWzeqE1uTAiN579kOtSSqjblTb2AXALTQ3+TtA==
X-Request-ID: ff26b0c3-3a7f-4652-b17a-262da0dd9c85
Content-Type: application/json

body:

{"eventId":"569886904","officeId":"132917981","eventType":"INTEGRATION_DEACTIVATED","event":{"integration":{"status":"INACTIVE","webhookId":"2bc47eed-08a0-4d18-a5c0-b7f18ab802e3","officeId":"132917981","createdDateTime":"2020-03-17T23:39:41.804Z","lastUpdatedDateTime":"2020-03-17T23:39:41.804Z"}},"createdDateTime":"2020-03-17T23:39:41.806Z"}
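
The verification steps above, written out with only the Python standard library, as an added example that is not part of the original paste or [3P]'s own code. It assumes "URL decode" means Base64URL decoding (as JWK fields are encoded), that the signature is RS256 (RSASSA-PKCS1-v1_5 with SHA-256) as the JWK's alg states, and that the Signature header is standard Base64; the function names and the constructed demo key are hypothetical.

```python
import base64
import hashlib
import hmac

# Assumes RS256 = RSASSA-PKCS1-v1_5 + SHA-256; DER DigestInfo prefix per RFC 8017, 9.2.
SHA256_DIGEST_INFO = bytes.fromhex("3031300d060960864801650304020105000420")

def b64url_to_int(value):
    """Base64URL-decode a JWK field (padding optional) into an unsigned integer."""
    raw = base64.urlsafe_b64decode(value + "=" * (-len(value) % 4))
    return int.from_bytes(raw, "big")

def rs256_encoding(raw_body, k):
    """EMSA-PKCS1-v1_5 encoding of SHA-256(raw_body) for a k-byte modulus."""
    t = SHA256_DIGEST_INFO + hashlib.sha256(raw_body).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def verify_webhook(jwk, raw_body, signature_header):
    """True if signature_header is a valid RS256 signature over the exact raw_body bytes."""
    if jwk.get("kty") != "RSA":
        raise ValueError("unsupported kty: %r" % jwk.get("kty"))
    n, e = b64url_to_int(jwk["n"]), b64url_to_int(jwk["e"])
    k = (n.bit_length() + 7) // 8              # modulus length in bytes
    try:
        sig = base64.b64decode(signature_header, validate=True)
    except ValueError:                         # header is not standard Base64
        return False
    s = int.from_bytes(sig, "big")
    if len(sig) != k or s >= n:
        return False
    # Apply the public key, then compare the whole encoding (no padding parsing).
    recovered = pow(s, e, n).to_bytes(k, "big")
    return hmac.compare_digest(recovered, rs256_encoding(raw_body, k))

def constructed_key_and_signature(raw_body):
    """Constructed demo key from two Mersenne primes (never use for real data)."""
    p, q, e = 2**1279 - 1, 2**2203 - 1, 65537
    n, d = p * q, pow(e, -1, (p - 1) * (q - 1))
    k = (n.bit_length() + 7) // 8
    def enc(i):
        return base64.urlsafe_b64encode(i.to_bytes((i.bit_length() + 7) // 8, "big")).decode()
    sig = pow(int.from_bytes(rs256_encoding(raw_body, k), "big"), d, n).to_bytes(k, "big")
    jwk = {"kty": "RSA", "alg": "RS256", "n": enc(n), "e": enc(e)}
    return jwk, base64.b64encode(sig).decode()

if __name__ == "__main__":
    body = b'{"eventType":"INTEGRATION_DEACTIVATED"}'   # constructed sample body
    jwk, sig = constructed_key_and_signature(body)
    print(verify_webhook(jwk, body, sig), verify_webhook(jwk, body + b" ", sig))
```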