Jump to content
ertank

Handling webhooks using MARS

By ertank, in MARS-Curiosity REST Library

Recommended Posts

ertank    21

ertank
Posted

Hello,

 

I have a company that would like to send me some data over a webhook. They want me to provide them access information for an x-api-key header.

 

I know that MARS uses Authorization header for secure access. I am not sure if it is possible to support x-api-key header for a specific use case.

 

Any help is appreciated.

 

Thanks & Regards,

Ertan

Share this post

Link to post

Andrea Magni    75

Andrea Magni
Posted

Hi, yes you can easily read request's header:

1) using the HeaderParam attribute to decorate a field of your resource (or an argument of your method) to retrieve the value

2) accessing the IMARSActivation and the Request field to have a more direct access to the underlying request object

 

Other thing is to use that header to provide authentication/authorization through MARS built-in facilities. We can explore that too, just let me know what you need and some examples of requests.

 

Sincerely,

Andrea

Share this post

Link to post

ertank    21

ertank
Posted

Hi,

 

If possible, I do not want to use existing "Authorization" header. I would like to allow access or block access depending on "x-api-key" header on each request.

 

- x-api-key header missing: Block the request using 404

- x-api-key header exists: Check in a method that it is correct. Allow only if correct, else block the request using 404

 

Very basic example would be: 

Incoming request Header:
x-api-key: my_own_key_data

Incoming request Body:
{"data":"Various json data. To be read as whole in a string"}

 

Attached you can find is a sample postman request.

 

Thanks & Regards,

Ertan

webhook_test.postman_collection.json

Share this post

Link to post

ertank    21

ertank
Posted

Hi,

 

I didn't know about HeaderParam attribute. 

    [POST, Path('test')]
    function Test([HeaderParam('x-api-key')] const ApiKey: string;
                  [BodyParam] const Body: string): string;

Using above, I can check about ApiKey value in the function and use EMARSHttpException for returning a 404 error if necessary.

 

I was searching a way to block a request with wrong x-api-key header value even before function code execution, but above approach is a solution, too.

 

Thanks & Regards,

Ertan

Share this post

Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Go To Topic Listing MARS-Curiosity REST Library
×