SecureWebhooks is a .NET library that implements GitHub-style webhook security, enabling you to securely send and validate webhook payloads using HMAC signatures. This approach follows the best practices outlined in GitHub's official documentation.
- HMAC Signature Generation & Validation: Easily create and verify signatures for webhook payloads.
- Flexible Integration: Works with both Newtonsoft.Json and System.Text.Json serializers.
- Reusable Helpers: Simple APIs for both sending and receiving secure webhooks.
Use the WebhookHelpers.CreateContentWithSecureHeader method to generate an HTTP request body and the appropriate signature header:
var (content, signatureHeader) = WebhookHelpers.CreateContentWithSecureHeader(payload, secret);
// Add 'content' as the request body and 'signatureHeader' as the header in your HTTP requestOn the receiving side, use WebhookHelpers.ValidateAndGetPayload to validate the signature and extract the payload:
var (isValid, payload) = WebhookHelpers.ValidateAndGetPayload(requestBody, signatureHeader, secret);
if (!isValid)
{
// Handle invalid signature
}
// Use 'payload' as your deserialized objectSecureWebhooks(core logic)SecureWebhooks.Newtonsoft(for Newtonsoft.Json)SecureWebhooks.SystemTextJson(for System.Text.Json)
This project is licensed under the MIT License.
For more details, see the source code and examples in the repository.