This example demonstrates how to verify webhook, app event, and app action requests from Contentful using HMAC-SHA256 in C# with ASP.NET Core. The server computes a signature from the request's method, path, headers, and body, then compares it to the signature provided by Contentful.
- .NET 6.0 SDK
- ASP.NET Core
- Set the
CONTENTFUL_SIGNING_SECRETenvironment variable:
export CONTENTFUL_SIGNING_SECRET="your_contentful_signing_secret_here"- Restore dependencies and run the application:
dotnet restore
dotnet runThe server will start on http://localhost:8080.
- VerifyWebhook: This method processes incoming POST requests, verifies the signature, and returns a 200 OK response if verified, or a 403 Forbidden response if not.
- BuildCanonicalString: Constructs the canonical string from the request method, path, signed headers, and body.
- CalculateHMACSHA256: Computes the HMAC SHA256 signature from the canonical string and secret.