Expand description
Webhook handling with signature verification.
Forge provides a structured way to receive webhooks from external services with automatic signature verification and idempotency handling.
§Signature Verification
Webhooks can verify signatures using HMAC-SHA256 or other algorithms:
ⓘ
#[forge::webhook(
path = "/webhooks/stripe",
signature = "hmac_sha256",
secret_env = "STRIPE_WEBHOOK_SECRET"
)]
async fn handle_stripe(ctx: &WebhookContext, payload: StripeEvent) -> WebhookResult {
// Signature already verified
}§Idempotency
Webhooks can be configured to deduplicate based on a header or payload field:
ⓘ
#[forge::webhook(
path = "/webhooks/github",
idempotency_key = "header:X-GitHub-Delivery"
)]§Key Types
WebhookContext- Request context with headers and raw bodySignatureConfig- Signature verification settingsIdempotencyConfig- Deduplication settings
Structs§
- Idempotency
Config - Configuration for webhook idempotency.
- Signature
Config - Configuration for webhook signature validation.
- Webhook
Context - Context available to webhook handlers.
- Webhook
Info - Webhook metadata.
- Webhook
Signature - Helper for constructing signature configurations.
Enums§
- Idempotency
Source - Source for extracting idempotency key.
- Signature
Algorithm - Supported signature algorithms.
- Webhook
Result - Result returned by webhook handlers.
Traits§
- Forge
Webhook - Trait for FORGE webhook handlers.