Hello, I have a phoenix project that talks to some external api and registers some web hooks handlers there (e.g. my app generates some url to be used as a callback).
I have to verify that webhooks requests come from legitimate party, to do so I need to read raw body of the request and calculate hmac.
I was looking at Plug docs and found out that you can skip parsing for some content type with pass
option, which in my case would be application/json
however I don’t want to turn off json parsing for my other routes.
What are my options?
You can have a separate endpoint for that. Or you can read the raw body from the conn
somehow.
Thanks, separate endpoint makes sense! And reading body after it’s being parsed it’s not possible… Thanks for the idea tho
You can have a plug which would save the body into :private
or :assigns
before the parser plug for your callback route.
I would still need to check the current path of the connection/request so I don’t carry raw body for other routes.
It would still be simpler than adding an extra endpoint, I think.
Thanks a lot! I was thinking about same approach, although i generate webhooks handler for each entity (e.g. //webhook). Probably i should move them under specific path (webhook/) and apply that plug.