brack3t / Djrill

[INACTIVE/UNMAINTAINED] Djrill is an email backend and new message class for Django users that want to take advantage of the Mandrill transactional email service from MailChimp.
BSD 3-Clause "New" or "Revised" License

Signed webhooks #38

Closed ulmus closed 11 years ago

ulmus commented 11 years ago

I've just implemented mandrill webhooks using djrill and it works like a charm. However, security could be improved by adding signature checking as per http://help.mandrill.com/entries/23704122-Authenticating-webhook-requests

Is this in the cards already? Otherwise I could take a stab at it, e.g. as an optional setting DJRILL_WEBHOOK_SIGNATURE_KEY that, if provided, is used to check that the webhook POST is properly signed.
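For reference, here is what the signature check proposed above looks like in plain Python. This is an added example written for this page, not Djrill's own code from the release mentioned below. It assumes Mandrill's documented scheme as linked above: the signed string is the webhook URL followed by every POST parameter's key and value concatenated in sorted key order, the MAC is HMAC-SHA1 under the webhook key, base64-encoded, and it arrives in the `X-Mandrill-Signature` header. The key, URL and event payload are constructed values, and the function names are my own.

```python
import base64
import hashlib
import hmac

# Constructed example values (not a real key or endpoint).
WEBHOOK_KEY = "example-webhook-key-not-real"
WEBHOOK_URL = "https://example.com/webhooks/mandrill/"


def mandrill_signed_data(url, post_params):
    """Build the string Mandrill signs (assumed scheme): the webhook URL,
    then each POST parameter's key immediately followed by its value,
    with keys taken in sorted order."""
    data = url
    for key in sorted(post_params):
        data += key + post_params[key]
    return data


def mandrill_signature(key, url, post_params):
    """HMAC-SHA1 over the signed data, base64-encoded: the value expected
    in the X-Mandrill-Signature header under the assumed scheme."""
    digest = hmac.new(
        key.encode("utf-8"),
        mandrill_signed_data(url, post_params).encode("utf-8"),
        hashlib.sha1,
    ).digest()
    return base64.b64encode(digest).decode("ascii")


def verify_mandrill_signature(key, url, post_params, header_signature):
    """True iff the header matches the recomputed MAC. A missing header is
    a failure, and the comparison is constant-time so the check does not
    leak the expected value byte by byte."""
    if not header_signature:
        return False
    expected = mandrill_signature(key, url, post_params)
    return hmac.compare_digest(expected, header_signature)


# Constructed webhook POST body: Mandrill delivers events as a JSON list
# in a single "mandrill_events" form field.
SAMPLE_PARAMS = {"mandrill_events": '[{"event":"send","_id":"abc123"}]'}


def demo():
    """Exercise the check: a valid signature passes; a tampered body, a
    wrong key, and a missing header are all rejected."""
    good = mandrill_signature(WEBHOOK_KEY, WEBHOOK_URL, SAMPLE_PARAMS)
    tampered = dict(
        SAMPLE_PARAMS,
        mandrill_events='[{"event":"hard_bounce","_id":"abc123"}]',
    )
    return (
        verify_mandrill_signature(WEBHOOK_KEY, WEBHOOK_URL, SAMPLE_PARAMS, good),
        verify_mandrill_signature(WEBHOOK_KEY, WEBHOOK_URL, tampered, good),
        verify_mandrill_signature("wrong-key", WEBHOOK_URL, SAMPLE_PARAMS, good),
        verify_mandrill_signature(WEBHOOK_KEY, WEBHOOK_URL, SAMPLE_PARAMS, None),
    )


if __name__ == "__main__":
    print(demo())
```

In a Django view the three inputs would come from `request.build_absolute_uri()`, `request.POST` and `request.META.get("HTTP_X_MANDRILL_SIGNATURE")`; note that the URL Mandrill signs is the one configured in its dashboard, so a proxy that rewrites scheme or host will make a correct signature fail to verify.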

medmunds commented 11 years ago

Thanks, that would be a great addition, and we'd welcome your stab at it.

The signature checking option didn't exist in Mandrill when jpadilla implemented the webhooks. Mandrill support specifically recommended we use the callback secret at that time. (See discussion in #25.) But now that Mandrill offers signatures, it'd be good to get Djrill caught up.

medmunds commented 11 years ago

Released in Djrill 0.6 via #39.