How to secure event grid subscription webhook

7
votes

What is the best practice to validate that webhook has been sent to my subscription endpoint by azure event grid rather than by other, possibly malicious, service or person.

1
azure-eventgrid

1 Answers

2
votes

When you configure webhook URL, you can put a secret token into a query parameter. Then, in your code you can validate this parameter.

For example, for Azure Function webhook, you would use code parameter:

https://myfunctionapp.azurewebsites.net/api/EventGridWebHook1?code=your_functionapp_code