Hello, I have a phoenix project that talks to some external api and registers some web hooks handlers there (e.g. my app generates some url to be used as a callback).
I have to verify that webhooks requests come from legitimate party, to do so I need to read raw body of the request and calculate hmac.
I was looking at Plug docs and found out that you can skip parsing for some content type with pass option, which in my case would be application/json however I don’t want to turn off json parsing for my other routes.
What are my options?
You can have a separate endpoint for that. Or you can read the raw body from the conn somehow.
1 Like
Thanks, separate endpoint makes sense! And reading body after it’s being parsed it’s not possible… Thanks for the idea tho 
You can have a plug which would save the body into :private or :assigns before the parser plug for your callback route.
I would still need to check the current path of the connection/request so I don’t carry raw body for other routes.
It would still be simpler than adding an extra endpoint, I think.
1 Like
Thanks a lot! I was thinking about same approach, although i generate webhooks handler for each entity (e.g. //webhook). Probably i should move them under specific path (webhook/) and apply that plug.
