Verifying Webhook Signature?

#1

Hi,

I’m using a webhook in conjunction with AWS Lambda and would like to verify the connection. I don’t think I can access the shared secret as part of the handshake. Are there other considerations for verifying the connection?

#2

Ooh, yes, that would be a concern, since your AWS lambda function must echo the content of the secret header back during the handshake - that is, it has to reply with the same header for the handshake to succeed.

One solution might be covered here: https://aws.amazon.com/premiumsupport/knowledge-center/custom-headers-api-gateway-lambda/ It sounds like AWS API Gateway can be given intermediate transformation functions that will take the headers and pack them into the body that’s passed to lambda and (probably) vice-versa, and these would both need to happen for the handshake to succeed.