{"id":30619,"date":"2023-10-15T14:03:36","date_gmt":"2023-10-15T22:03:36","guid":{"rendered":"https:\/\/alexrusin.com\/?p=30619"},"modified":"2024-08-09T06:50:57","modified_gmt":"2024-08-09T14:50:57","slug":"api-gateway-webhooks-hmac-validation","status":"publish","type":"post","link":"https:\/\/blog.alexrusin.com\/api-gateway-webhooks-hmac-validation\/","title":{"rendered":"API Gateway Webhooks Lambda HMAC Validation"},"content":{"rendered":"\n

In the previous post HMAC Validation<\/a> we explored how to validate HMAC in an API project. The video Webhooks Processing: HTTP API Gateway + SQS + Lambda<\/a> shows how to create a scalable solution for receiving webhooks and throttling them with SQS and Lambda. In this article we will look at how to use HMAC validation with AWS API Gateway, SQS, and Lambda.<\/p>\n\n\n\n

HTTP API Gateway Webhooks HMAC Validation Implementation<\/h2>\n\n\n\n

As a reminder, we created an HTTP API Gateway to receive webhooks and placed the webhooks on an SQS queue. From the queue, webhooks were picked up by Lambda for further processing. For messages whose processing failed, we created a dead letter queue (DLQ). Optionally, we will also add an S3 bucket to save the webhook\u2019s request body.<\/p>\n\n\n\n


Most importantly, we used SQS Message Attributes to map the webhook headers that are important for processing, so that we can access them in the Lambda function. Those headers were x-topic<\/code> and x-hmac<\/code>. These headers will differ depending on the service you are integrating with. For example, the corresponding Recharge headers are called X-Recharge-Topic<\/code> and X-Recharge-Hmac-Sha256<\/code>. However, for the sake of simplicity, we will stick with x-topic<\/code> and x-hmac<\/code>. Since we are going to save the webhook\u2019s request body to an S3 bucket, an additional attribute, x-webhook-id<\/code>, will be mapped as well and used as the key in the S3 bucket. The corresponding header in a Shopify webhook, for example, is X-Shopify-Webhook-Id<\/code>.<\/p>\n\n\n\n


In the video Webhooks Processing: HTTP API Gateway + SQS + Lambda<\/a> we showed how to create AWS resources through the AWS console. This time we will use Terraform code to re-create the resources and add an S3 bucket. The Terraform code is available in this GitHub Repository<\/a>.<\/p>\n\n\n\n

In this article we will only look at the Lambda function code for validating HMAC with HTTP API Gateway and saving webhooks to an S3 bucket. Please watch the video below for a more in-depth explanation.<\/p>\n\n\n\n

\n