@joost
Last active February 4, 2021 13:39
Mandrill API Webhook signature verification. This shows how you could verify a Mandrill signature in a Rails Controller.
```ruby
require 'base64'
require 'openssl'

class WebhooksController < ActionController::Base
  WEBHOOK_KEY = "some_key" # You could also use an API request to lookup the key
  before_action :verify_request_signature # before_filter on Rails older than 4
  # See: http://help.mandrill.com/entries/23704122-Authenticating-webhook-requests
  def verify_request_signature
    signed_data = request.url
    post_params = request.request_parameters.dup # POST parameters
    signed_data += request.request_parameters.sort.join
    signature = Base64.strict_encode64(OpenSSL::HMAC.digest('sha1', WEBHOOK_KEY, signed_data))
    logger.debug("our: #{signature}, mandrill: #{request.headers['X-Mandrill-Signature']}")
    # Compare in constant time and reject the request when the signatures differ.
    given = request.headers['X-Mandrill-Signature'].to_s
    head :unauthorized unless ActiveSupport::SecurityUtils.secure_compare(signature, given)
  end
end
```
@philsturgeon

Thanks for this! Heads up, line 11 should be signed_data += post_params.sort.join
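
A Rails-free version of the same check that runs on its own, added here as an example and not part of the gist or the comment above. The key, URL and payload are constructed sample values, and the helper names are hypothetical.

```ruby
require 'base64'
require 'openssl'

# Constructed sample values: placeholder key, URL and payload, not real Mandrill data.
SAMPLE_KEY = 'constructed-webhook-key'
SAMPLE_URL = 'https://example.test/webhooks/mandrill'
SAMPLE_PARAMS = { 'mandrill_events' => '[{"event":"send","_id":"constructed"}]' }

# Webhook URL followed by every POST key and value, ordered by key.
# This is the same string the controller builds with sort.join.
def mandrill_signed_data(url, params)
  url + params.sort.map { |key, value| "#{key}#{value}" }.join
end

# Base64 of the binary HMAC-SHA1 over the signed data.
def mandrill_signature(key, url, params)
  Base64.strict_encode64(OpenSSL::HMAC.digest('sha1', key, mandrill_signed_data(url, params)))
end

# Constant-time comparison: always walks the full string, so timing does not
# reveal how many leading bytes of a guessed signature were correct.
def secure_equal?(expected, given)
  return false unless expected.bytesize == given.bytesize
  diff = 0
  expected.bytes.zip(given.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# header_value is the X-Mandrill-Signature header (nil when absent).
# url should be the webhook URL as configured; behind a TLS-terminating proxy
# request.url can differ in scheme or host and the check would then fail.
def valid_mandrill_request?(key, url, params, header_value)
  return false if header_value.nil? || header_value.empty?
  secure_equal?(mandrill_signature(key, url, params), header_value)
end

if __FILE__ == $PROGRAM_NAME
  good = mandrill_signature(SAMPLE_KEY, SAMPLE_URL, SAMPLE_PARAMS)
  tampered = SAMPLE_PARAMS.merge('mandrill_events' => '[]')
  puts valid_mandrill_request?(SAMPLE_KEY, SAMPLE_URL, SAMPLE_PARAMS, good)
  puts valid_mandrill_request?(SAMPLE_KEY, SAMPLE_URL, tampered, good)
  puts valid_mandrill_request?(SAMPLE_KEY, SAMPLE_URL, SAMPLE_PARAMS, nil)
end
```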
