Skip to content
master
Go to file
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
lib
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

README.md

WebhookSignatureVerifier

A small Sinatra app to verify the webhook payload signature

Description

Travis CI's webhook notification delivers a POST request to the specified endpoint a JSON payload as described.

In addition, the request comes with the custom HTTP header Signature for the payload data.

This small Sinatra app shows how to verify the signature.

Verifying the signature

  1. Pick up the payload data from the HTTP request's body.
  2. Obtain the Signature header value, and base64-decode it.
  3. Obtain the public key corresponding to the private key that signed the payload. This is available at the /config endpoint's config.notifications.webhook.public_key on the relevant API server. (e.g., https://api.travis-ci.org/config)
  4. Verify the signature using the public key and SHA1 digest.

About

A small Sinatra app to verify the webhook payload signature

Resources

License

Releases

No releases published

Packages

No packages published

Contributors 4

  •  
  •  
  •  
  •  

Languages

You can’t perform that action at this time.