SendGrid事件通知身份验证 [英] SendGrid event notification authentication

问题描述

我已经为sendgrid设置了一个端点来发送事件通知.但是，服务器使用基本身份验证进行设置，并且事件未通过，因为它们未经身份验证.如何通过SendGrid或白名单SendGrid对这些事件webhooks进行身份验证?

I have setup an endpoint for sendgrid to send event notifications. However, the server is setup with basic authentication and the events don't come through because they are not authenticated. How can I authenticate these event webhooks by SendGrid or whitelist SendGrid?

推荐答案

设置HTTP POST URL时，可以通过将其设置为类似

You can use basic authentication when setting up the HTTP POST URL by setting it to a value like https://user:password@this.is.my.test/listening/endpoint

其中用户"是基本身份验证用户名，密码"是用户的基本身份验证密码.

Where "user" is the basic authentication user name and "password" is the basic authentication password for the user.

或

在设置HTTP POST URL包含查询字符串值时，请关闭对侦听端点的基本身份验证，并使用简单的检查来防止随机的人/机器人在侦听端点执行所有代码:

Turn off basic authentication to your listening endpoint and use a simple check to prevent random people/bots from executing all the code at your listening endpoint, when setting the HTTP POST URL include a querystring value:

然后，您的侦听代码应该做的第一件事是提取查询字符串，并检查"key" ="some_random_value"(如果不是)，则仅返回错误/无效的请求.如果查询字符串包含"key" ="some_random_value"，则您的代码应解析正文.它不是防弹的，但应阻止大多数随机请求.

Then the first thing your listening code should do is extract the querystring and check that "key" = "some_random_value" if is doesn't then just return bad/invalid request. If the querystring contains "key" = "some_random_value" then your code should parse the body. It's not bulletproof but should stop most random requests.

或

组合技巧并同时做它们！

Combine the techniques and do them both!

这篇关于SendGrid事件通知身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！