[
https://issues.apache.org/jira/browse/CAMEL-23762?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Claus Ibsen resolved CAMEL-23762.
---------------------------------
Resolution: Fixed
> camel-whatsapp: support X-Hub-Signature-256 verification of inbound webhook
> payloads
> ------------------------------------------------------------------------------------
>
> Key: CAMEL-23762
> URL: https://issues.apache.org/jira/browse/CAMEL-23762
> Project: Camel
> Issue Type: Improvement
> Reporter: Andrea Cosentino
> Assignee: Andrea Cosentino
> Priority: Major
> Fix For: 4.14.8, 4.18.3, 4.21.0
>
>
> The camel-whatsapp webhook consumer forwards inbound event callbacks to the
> route without verifying their authenticity. WhatsApp/Meta signs event
> payloads with an X-Hub-Signature-256 HMAC-SHA256 header keyed by the app
> secret. This adds a webhookSecret option; when configured, inbound event
> callbacks whose X-Hub-Signature-256 signature is missing or does not match
> are rejected with HTTP 403. When the option is not set, behaviour is
> unchanged. This mirrors the signature verification already provided by
> camel-clickup.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
