search

mailgun / documentation

Mailgun Documentation
http://documentation.mailgun.com/
MIT License
79 stars 148 forks source link

Securing webhooks needs C# example #584

Open scattered-code opened 2 years ago

scattered-code commented 2 years ago

You can include this:

private string ComputeSignature(string stringToSign)
{
    var secret = "Webhook Signing Key";
    using (var hmac = new HMACSHA256(Encoding.ASCII.GetBytes(secret)))
    {
        var signature = hmac.ComputeHash(Encoding.ASCII.GetBytes(stringToSign));
        return BitConverter.ToString(signature).Replace("-", "");
    }
}

var digest = ComputeSignature(emailEvent.Signature.Timestamp + emailEvent.Signature.Token);
if (digest.Equals(emailEvent.Signature.Signature, StringComparison.OrdinalIgnoreCase))
    ... //signature valid