Verifying Webhook Signature?



I’m using a webhook in conjunction with AWS Lambda and would like to verify the connection. I don’t think I can access the shared secret as part of the handshake. Are there other considerations for verifying the connection?


Ooh, yes, that would be a concern, since your AWS Lambda function must echo the content of the secret header back during the handshake - that is, it has to reply with the same header for the handshake to succeed.

One solution might be covered here: It sounds like AWS API Gateway can be given intermediate transformation functions that will take the headers and pack them into the body that’s passed to Lambda and (probably) vice versa, and these would both need to happen for the handshake to succeed.
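
An added example, not part of the thread and not the webhook provider's code: a Lambda handler that echoes the handshake header and then verifies a signature on later callbacks. It assumes API Gateway's Lambda proxy integration, which passes request headers in `event["headers"]` and takes response headers from the handler's return value; the header names, the environment variable and the HMAC-SHA256-over-body scheme are hypothetical placeholders.

```python
import base64
import hashlib
import hmac
import os

# Hypothetical header names: the thread does not name the provider's headers.
CHALLENGE_HEADER = "x-hook-challenge"
SIGNATURE_HEADER = "x-hook-signature"
# Assumption: the shared secret is provisioned out of band as an environment
# variable; the fallback value is constructed for this demo only.
SHARED_SECRET = os.environ.get("WEBHOOK_SHARED_SECRET", "constructed-demo-secret").encode()


def raw_body(event):
    """Return the request body as the exact bytes the sender signed."""
    body = event.get("body") or ""
    if event.get("isBase64Encoded"):
        return base64.b64decode(body)
    return body.encode("utf-8")


def handler(event, context=None):
    # HTTP header names are case-insensitive; normalise before lookup.
    headers = {k.lower(): v for k, v in (event.get("headers") or {}).items()}

    # Handshake: reply with the same header value so the sender accepts
    # the endpoint. No signature is available at this stage.
    challenge = headers.get(CHALLENGE_HEADER)
    if challenge is not None:
        return {"statusCode": 200, "headers": {CHALLENGE_HEADER: challenge}, "body": ""}

    # Callback: recompute the HMAC over the raw body and compare in
    # constant time. A missing header compares against "" and is rejected.
    expected = hmac.new(SHARED_SECRET, raw_body(event), hashlib.sha256).hexdigest()
    supplied = headers.get(SIGNATURE_HEADER, "")
    if not hmac.compare_digest(expected.encode(), supplied.encode()):
        return {"statusCode": 401, "body": "invalid signature"}

    return {"statusCode": 200, "body": "ok"}
```

The signature must be computed over the raw body bytes, so any API Gateway mapping that re-serialises the body before Lambda sees it will make verification fail.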