Skip to content

Instantly share code, notes, and snippets.

@joost

joost/webhooks_controller.rb

Last active February 4, 2021 13:39
Show Gist options
  • Star 5 You must be signed in to star a gist
  • Fork 1 You must be signed in to fork a gist
  • Save joost/6460736 to your computer and use it in GitHub Desktop.
Save joost/6460736 to your computer and use it in GitHub Desktop.
Download ZIP
Mandrill API Webhook signature verification. This shows how you could verify a Mandrill signature in a Rails Controller.
Raw
webhooks_controller.rb
class WebhooksController < ActionController::Base
WEBHOOK_KEY = "some_key" # You could also use an API request to lookup the key
before_filter :verify_request_signature
# See: http://help.mandrill.com/entries/23704122-Authenticating-webhook-requests
def verify_request_signature
signed_data = request.url
post_params = request.request_parameters.dup # POST parameters
signed_data += request.request_parameters.sort.join
signature = Base64.strict_encode64(OpenSSL::HMAC.digest('sha1',WEBHOOK_KEY,signed_data))
logger.debug("our: #{signature}, mandrill: #{request.headers['X-Mandrill-Signature']}")
# Do something here.. compare them..
end
end
@freegenie
Copy link

Thanks! this worked for me.

@aladh
Copy link

aladh commented Sep 24, 2015

Thanks!

@xxswingxx
Copy link

Thanks!

@tikal
Copy link

tikal commented Jun 29, 2016

Thanks !

@philsturgeon
Copy link

Thanks for this! Heads up, line 11 should be signed_data += post_params.sort.join

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment