SendGrid incoming mail webhook - how do I secure my endpoint

Question

I'm currently using SendGrid's Inbound Parse Webhook to feed emails to my application. I've been able to get it working by pointing the URL to an endpoint which my application has exposed. SendGrid just sends the email in the form of a JSON format HTTP POST request to this endpoint and I just process each request internally.

My question is, now that I have it working, how do I ensure that only SendGrid can use this endpoint? At the moment, anyone can utilise this HTTP POST endpoint and pretend that an email has been sent to the application.

Can I get SendGrid to send some sort of unique key to identify themselves? Is there a way I can restrict by IP address?

Recommended answer

There are two ways in which you may secure your endpoint. SendGrid's webhooks support basic auth (e.g. https://user:pass@example.com/endpoint). You can also implement a unique key that you check before acting upon the request (e.g. https://example.com/endpoint?key=123).

The simple answer, however, is anything that you add to the URL can act as unique authentication for SendGrid.
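The two checks described in the answer, as an added example that is not part of the original answer or SendGrid's own code. It assumes the webhook URL configured at SendGrid carries both credentials (`https://user:pass@example.com/endpoint?key=...`); the secrets and function names below are constructed for illustration.

```python
import base64
import hmac
from urllib.parse import parse_qs, urlsplit

# Constructed placeholder secrets; load real ones from configuration.
EXPECTED_USER = "parse-hook"
EXPECTED_PASS = "constructed-password"
EXPECTED_KEY = "constructed-url-key"


def _same(a: str, b: str) -> bool:
    # Constant-time comparison so response timing does not leak the secret.
    return hmac.compare_digest(a.encode(), b.encode())


def basic_auth_ok(headers: dict) -> bool:
    """Check the Authorization header a client sends for a user:pass@host URL."""
    # Header names are case-insensitive, so look the header up without regard to case.
    value = next((v for k, v in headers.items() if k.lower() == "authorization"), "")
    scheme, _, token = value.partition(" ")
    if scheme.lower() != "basic":
        return False
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # bad base64 or non-UTF-8 bytes
        return False
    user, sep, password = decoded.partition(":")
    if not sep:
        return False
    # Evaluate both comparisons so a wrong user is not rejected faster than a wrong password.
    user_ok = _same(user, EXPECTED_USER)
    pass_ok = _same(password, EXPECTED_PASS)
    return user_ok and pass_ok


def url_key_ok(request_target: str) -> bool:
    """Check the ?key=... query parameter on the request target."""
    values = parse_qs(urlsplit(request_target).query).get("key", [])
    # Reject a missing or repeated parameter rather than guessing which one counts.
    return len(values) == 1 and _same(values[0], EXPECTED_KEY)


def is_authorized(request_target: str, headers: dict) -> bool:
    """Process the POST only when both configured credentials are present and correct."""
    return basic_auth_ok(headers) and url_key_ok(request_target)
```

Both credentials live in the URL stored at SendGrid, so the endpoint should be HTTPS-only, and because query strings are commonly written to access logs, the `key` value should be scrubbed from them.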
