sANDwORm
Reputation: 189
How to secure event grid subscription webhook
What is the best practice to validate that webhook has been sent to my subscription endpoint by azure event grid rather than by other, possibly malicious, service or person.
Upvotes: 7
Views: 1138
Answers (1)
Mikhail Shilkov
Reputation: 35134
When you configure webhook URL, you can put a secret token into a query parameter. Then, in your code you can validate this parameter.
For example, for Azure Function webhook, you would use code parameter:
https://myfunctionapp.azurewebsites.net/api/EventGridWebHook1?code=your_functionapp_code
Upvotes: 2
Related Questions
- Not able to register Event Grid subscription with webhook delivery properties in Azure
- Unable to create Webhook Subscription for Event-Grid
- How do you maintain idempotency with Azure EventGrid webhooks?
- Azure Event Grid Subscription WebHook Validation Fails with Cloud Events Schema v1.0
- Allow only authorized endpoints to send events to event grid
- Event Grid subscription webhook that exists in vpn
- Not able to add webhook subscription to the Azure Event Grid
- EventGrid Webhook Scenario
- Azure Event Grid - Webhook subscription authentication and DDOS protection
- How to resolve this Azure Event Grid Subscription error?