Andrea Cosentino created CAMEL-23762:
----------------------------------------
Summary: camel-whatsapp: support X-Hub-Signature-256 verification
of inbound webhook payloads
Key: CAMEL-23762
URL: https://issues.apache.org/jira/browse/CAMEL-23762
Project: Camel
Issue Type: Improvement
Reporter: Andrea Cosentino
Assignee: Andrea Cosentino
The camel-whatsapp webhook consumer forwards inbound event callbacks to the
route without verifying their authenticity. WhatsApp/Meta signs event payloads
with an X-Hub-Signature-256 HMAC-SHA256 header keyed by the app secret. This
adds a webhookSecret option; when configured, inbound event callbacks whose
X-Hub-Signature-256 signature is missing or does not match are rejected with
HTTP 403. When the option is not set, behaviour is unchanged. This mirrors the
signature verification already provided by camel-clickup.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
