What is the best practice to validate that a webhook has been sent to my subscription endpoint by Azure Event Grid rather than by another, possibly malicious, service or person?
To give you a high-level overview: the Secure Webhook action enables you to take advantage of Azure Active Directory to secure the connection between your action group and your protected web API (webhook endpoint).
You must have the Microsoft.EventGrid/EventSubscriptions/Write permission on the resource that is the event source. You need this permission because you're writing a new subscription at the scope of the resource. The required resource differs based on whether you're subscribing to a system topic or custom topic.
The noticeable difference between them is that Event Hubs only accept endpoints for the ingestion of data and don't provide a mechanism for sending data back to publishers. On the other hand, Event Grid sends HTTP requests to notify of events that happen in publishers.
When you configure the webhook URL, you can put a secret token into a query parameter. Then, in your code, you can validate this parameter.
For example, for an Azure Function webhook, you would use the code parameter:
https://myfunctionapp.azurewebsites.net/api/EventGridWebHook1?code=your_functionapp_code
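For a webhook endpoint that is not an Azure Function, the query-parameter check described above has to be written by hand. The following is an added example, not code from the original answer; the parameter name `token`, the `WEBHOOK_TOKEN` setting and the helper names are assumptions chosen for illustration. It compares the token in constant time, rejects missing or repeated parameters, and redacts the secret before the URL is logged.

```python
import hmac
import os
from urllib.parse import parse_qs, parse_qsl, urlencode, urlsplit, urlunsplit

# Assumed parameter name (Azure Functions uses "code" for its own keys).
TOKEN_PARAM = "token"


def load_expected_token(env=os.environ):
    """Read the shared secret from configuration (assumed setting name)."""
    token = env.get("WEBHOOK_TOKEN", "")
    if len(token) < 32:
        raise RuntimeError("WEBHOOK_TOKEN is missing or too short")
    return token


def is_authorized(request_url, expected_token):
    """True only if the URL carries exactly one token equal to the secret."""
    query = urlsplit(request_url).query
    values = parse_qs(query, keep_blank_values=True).get(TOKEN_PARAM, [])
    # A missing or repeated parameter is rejected outright, so the check
    # cannot disagree with a proxy or framework about which value counts.
    if len(values) != 1:
        return False
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(values[0].encode(), expected_token.encode())


def redact(request_url):
    """Copy of the URL that is safe to log: the token value is replaced."""
    parts = urlsplit(request_url)
    pairs = [(k, "REDACTED" if k == TOKEN_PARAM else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(pairs)))


def handle(request_url, expected_token):
    """Return the HTTP status for a delivery: 200 if accepted, 401 if not."""
    if not is_authorized(request_url, expected_token):
        print("rejected webhook call:", redact(request_url))
        return 401
    return 200


if __name__ == "__main__":
    secret = "s" * 40  # constructed sample secret
    base = "https://example.invalid/api/hook"  # constructed sample endpoint
    print(handle(base + "?token=" + secret, secret))
    print(handle(base + "?token=guess", secret))
```

Because the secret travels in the URL, the endpoint should be HTTPS-only, and any access logs that record full query strings need the same redaction.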