Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Webhook Signature Generation/Verification #10466

Open
5 tasks
timolegros opened this issue Dec 31, 2024 · 0 comments
Open
5 tasks

Webhook Signature Generation/Verification #10466

timolegros opened this issue Dec 31, 2024 · 0 comments
Assignees
@timolegros
Labels
3 Full day task enhancement New feature or request

Comments

@timolegros
Copy link
Collaborator

Description

In order to ensure end-to-end security for user-facing webhooks, we need to sign all Webhook payloads and then privately provide users with the signing key so they can verify that the request indeed originated from Common.

Tasks

  • Generate + store a signing key for all existing Webhooks
  • Generate + store a signing key for all new Webhooks
  • Update integrations page UI to allow copying the signing key
  • Update Knock to enable signing keys for all environments (see docs)
  • Update user-facing docs with instructions on how to validate Webhook payload/signatures

Additional context

This is a required change before Eliza Common Client integration can go public.
@timolegros timolegros added enhancement New feature or request 3 Full day task labels Dec 31, 2024
@timolegros timolegros self-assigned this Dec 31, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@timolegros timolegros

Labels
3 Full day task enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@timolegros