Webhook Signature add-on for Gravity Forms

Add a signature HTTP header to webhook requests to prevent man-in-the-middle and replay attacks.

Author: Daniel Boven (profile at wordpress.org)
WordPress version required: 4.0
WordPress version tested: 5.6.4
Plugin version: 1.0
Added to WordPress repository: 17-02-2021
Last updated: 17-02-2021
Warning! This plugin has not been updated in over 2 years. It may no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress.
Rating, %: 0
Rated by: 0
Plugin URI:
Total downloads: 166

This plugin can sign the webhook events sent by the Gravity Forms WebHooks Add-On to your endpoints by including a signature in each event’s X-Gform-Signature header. This allows you to verify that the events were sent by the Gravity Forms add-on, not by a third party. For now, you must verify the signatures yourself, using your own solution. However, an example Node.js (JavaScript) implementation is linked below.

Before you can verify signatures, you need to retrieve your endpoint’s public key (more information at this question).

This plugin uses the same keys for every form and endpoint, so every signature it generates is made with those keys.

Verification implementations

  • Node.js: See the example on GitHub.

FAQ