Best answer

Verify signature of incoming webhook

  • 30 July 2021
  • 5 replies
  • 447 views

Userlevel 1

Hi,

I am using the Catch Raw Hook feature from Zapier.

 

My server will push events to that Raw Hook’s URL. I know that URL should be treated like a secret but as an additional guarantee I wanted to ensure in the Zap flow that the received message actually was sent from our servers.

 

Usually this is done by signing the message payload and including a header in the POST request.

 

I cannot seem to find a way to do signature verification in the Zap though.

The JavaScript code feature is limited and not allowed third party node modules such as crypto.

I tried using AWS lambda to do the verification on our side but even when throwing an exception in the lambda to indicate that the signature verification failed, the zap still continues to the next step.

 

Is this possible in any way?

Thanks,

icon

Best answer by ralphsomeday 2 August 2021, 11:12

View original

This post has been closed for comments. Please create a new post if you need help or have a question about this topic.

5 replies

Userlevel 7
Badge +14

@ralphsomeday 

Would you mind sharing your code snippet for others to learn from? Thanks.

Userlevel 1

Hi Troy,

I finally managed to accomplish what I want using NodeJs Crypto module.

 

Thanks for your help,

Userlevel 7
Badge +14

@ralphsomeday 

You can specify a response body to verify the signature request

 

Userlevel 1

What would https://webhook.site/ help me with?

Userlevel 7
Badge +14

Hi @ralphsomeday 

The Zapier Webhooks app trigger does not currently support signature verification responses.

Try using: https://webhook.site/