Add native support for verifying webhook events with dynamic signatures
Which Cloud Service Provider (CSP)?: Fivetran-managed cloud service
Which connector or destination is being used? (Specific product version / type): Webhooks event connector receiving Twilio SendGrid Event Webhook events
Additional details: Please add native support for verifying Twilio SendGrid Signed Event Webhooks. SendGrid dynamically signs each request using ECDSA and sends the signature and timestamp in the X-Twilio-Email-Event-Webhook-Signature and X-Twilio-Email-Event-Webhook-Timestamp headers. Verification requires SendGrid’s public key and the unmodified raw request-body bytes combined with the timestamp. Fivetran currently supports shared-secret HMAC, static token authentication, or no authentication; its HMAC option is incompatible with SendGrid’s ECDSA signatures. As a result, SendGrid events can only be ingested by selecting None, leaving the endpoint without sender verification. Please support configurable ECDSA signature verification for webhook connectors, including public-key configuration, signature and timestamp header names, raw-body verification, and timestamp/replay validation.
https://www.twilio.com/docs/sendgrid/for-developers/tracking-events/getting-started-event-webhook-security-features#verify-the-signature
Please sign in to leave a comment.
Comments
0 comments