Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Mandrill API Webhook signature verification. This shows how you could verify a Mandrill signature in a Rails Controller.
class WebhooksController < ActionController::Base
WEBHOOK_KEY = "some_key" # You could also use an API request to lookup the key
before_filter :verify_request_signature
# See: http://help.mandrill.com/entries/23704122-Authenticating-webhook-requests
def verify_request_signature
signed_data = request.url
post_params = request.request_parameters.dup # POST parameters
signed_data += request.request_parameters.sort.join
signature = Base64.strict_encode64(OpenSSL::HMAC.digest('sha1',WEBHOOK_KEY,signed_data))
logger.debug("our: #{signature}, mandrill: #{request.headers['X-Mandrill-Signature']}")
# Do something here.. compare them..
end
end
@freegenie

This comment has been minimized.

Copy link

@freegenie freegenie commented Mar 4, 2014

Thanks! this worked for me.

@aladh

This comment has been minimized.

Copy link

@aladh aladh commented Sep 24, 2015

Thanks!

@xxswingxx

This comment has been minimized.

Copy link

@xxswingxx xxswingxx commented Feb 23, 2016

Thanks!

@tikal

This comment has been minimized.

Copy link

@tikal tikal commented Jun 29, 2016

Thanks !

@philsturgeon

This comment has been minimized.

Copy link

@philsturgeon philsturgeon commented Mar 15, 2017

Thanks for this! Heads up, line 11 should be signed_data += post_params.sort.join

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment