{"id":136544,"date":"2021-02-17T08:44:04","date_gmt":"2021-02-17T08:44:04","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/webhook-signature-add-on-for-gravity-forms\/"},"modified":"2021-02-17T08:44:01","modified_gmt":"2021-02-17T08:44:01","slug":"gf-webhook-signature","status":"publish","type":"plugin","link":"https:\/\/bal.wordpress.org\/plugins\/gf-webhook-signature\/","author":15294358,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_crdt_document":"","version":"1.0","stable_tag":"trunk","tested":"5.6.17","requires":"4.0","requires_php":"7.0","requires_plugins":"","header_name":"Webhook Signature add-on for Gravity Forms","header_author":"Daniel Boven","header_description":"Add a signature HTTP header to webhook requests to prevent man-in-the-middle and replay attacks.","assets_banners_color":"","last_updated":"2021-02-17 08:44:01","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"","header_author_uri":"https:\/\/daanboven.com\/","rating":0,"author_block_rating":0,"active_installs":0,"downloads":1019,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq"],"tags":[],"upgrade_notice":[],"ratings":[],"assets_icons":[],"assets_banners":[],"assets_blueprints":{},"all_blocks":[],"tagged_versions":[],"block_files":[],"assets_screenshots":[],"screenshots":[],"jetpack_post_was_ever_published":false},"plugin_section":[],"plugin_tags":[601,2695,1963,5588,15439],"plugin_category":[42],"plugin_contributors":[196346],"plugin_business_model":[],"class_list":["post-136544","plugin","type-plugin","status-publish","hentry","plugin_tags-forms","plugin_tags-gravity","plugin_tags-request","plugin_tags-verify","plugin_tags-webhook","plugin_category-contact-forms","plugin_contributors-danielboven","plugin_committers-danielboven"],"banners":[],"icons":{"svg":false,"icon":"https:\/\/s.w.org\/plugins\/geopattern-icon\/gf-webhook-signature.svg","icon_2x":false,"generated":true},"screenshots":[],"raw_content":"<!--section=description-->\n<p>This plugin can sign the webhook events sent by the Gravity Forms WebHooks Add-On to your endpoints by including a signature in each event\u2019s <code>X-Gform-Signature<\/code> header. This allows you to verify that the events were sent by the Gravity Forms add-on, not by a third party. As of right now, you must verify the signatures by manually using your own solution. However, an example of a Node.js (JavaScript) implementation is linked below.<\/p>\n\n<p>Before you can verify signatures, you need to retrieve your endpoint\u2019s public key (more information at <a href=\"#how%20can%20i%20verify%20the%20signature%3F\">this question<\/a>).<\/p>\n\n<p>This plugin uses the same keys for every form and endpoint, meaning that the same keys will be used for every signature generated.<\/p>\n\n<h3>Verification implementations<\/h3>\n\n<ul>\n<li><strong>Node.js:<\/strong> See the example on <a href=\"https:\/\/github.com\/danielboven\/gravity-forms-webhook-signature\/blob\/main\/examples\/NODE_JS.md\">Github<\/a>.<\/li>\n<\/ul>\n\n<!--section=installation-->\n<ol>\n<li>Upload this plugin to your WordPress website<\/li>\n<li>Activate the plugin through the 'Plugins' menu in WordPress<\/li>\n<li>Navigate to the <em>Settings<\/em> section <\/li>\n<li>Click on the button <em>Generate a new public \u2013 private key pair<\/em>, or paste your own in the fields above and save<\/li>\n<\/ol>\n\n<!--section=faq-->\n<dl>\n<dt id='how%20can%20i%20verify%20the%20signature%3F'><h3>How can I verify the signature?<\/h3><\/dt>\n<dd><p>Navigate to the plugin settings. Copy the key in the <em>Public Key<\/em> field to your own application (receiver). Use it to verify the signature.<\/p><\/dd>\n<dt id='what%20format%20can%20i%20use%20for%20custom%20key'><h3>What format can I use for custom key<\/h3><\/dt>\n<dd><p>Keys that are generated by the plugin have the following format:\n- <strong>Digest algorithm:<\/strong> SHA256\n- <strong>Private key type:<\/strong> RSA (OPENSSL_KEYTYPE_RSA)\n- <strong>Private key bits:<\/strong> 1024<\/p>\n\n<p>It is therefore advised that in case you use custom keys, you use a similar format, since no other format than the one above has been tested.<\/p>\n\n<p>You also have to include the <strong>BEGIN<\/strong> and <strong>END<\/strong> lines, for example:<\/p>\n\n<p><strong>Public Key:<\/strong>\n    <code>-----BEGIN PUBLIC KEY-----\nXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX\nXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX\nXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX\nXXXXXXXXXXXXXXXXXXXXXXXX\n-----END PUBLIC KEY-----<\/code><\/p><\/dd>\n<dt id='how%20can%20i%20send%20feedback%20or%20get%20help%20with%20a%20bug%3F'><h3>How can I send feedback or get help with a bug?<\/h3><\/dt>\n<dd><p>I'd love to hear your bug reports, feature suggestions and any other feedback! Please head over to <a href=\"https:\/\/github.com\/danielboven\/gravity-forms-webhook-signature\/issues\">the GitHub issues page<\/a> to search for existing issues or open a new one. While I'll try to triage issues reported here on the plugin forum, you'll get a faster response (and reduce duplication of effort) by keeping everything centralized in the GitHub repository.<\/p><\/dd>\n\n<\/dl>","raw_excerpt":"Add a signature HTTP header to webhook requests to prevent man-in-the-middle and replay attacks.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/bal.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/136544","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bal.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/bal.wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/bal.wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=136544"}],"author":[{"embeddable":true,"href":"https:\/\/bal.wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/danielboven"}],"wp:attachment":[{"href":"https:\/\/bal.wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=136544"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/bal.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=136544"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/bal.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=136544"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/bal.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=136544"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/bal.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=136544"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/bal.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=136544"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}