Rediger

Del via


Webhook event handler for namespace topics' push delivery

You can set up a webhook endpoint to handle events on a specific namespace topic by subscribing to it. Any public endpoint can be used as an event handler if it uses encryption in transit (HTTPS), can read events that use a supported CloudEvents metadata format, and handle the webhook validation.

You don't have to host your webhook on Azure, which means that you can use a webhook that's hosted elsewhere to handle events in your application. It gives you the flexibility to choose a webhook in any service provider that best fits your specific needs and requirements.

Webhook validation

If your webhook endpoint is known by malicious actors, they could exploit attack vectors and, for example, launch denial-of-service-attacks. To protect your webhook from unexpected event delivery, your webhook needs to indicate if it agrees with the event delivery. Unexpected deliveries can even happen someone who inadvertently creates an event subscription to your endpoint. To that end, your endpoint must handle the webhook validation using the CloudEvents' abuse protection for webhooks. Following that approach and as part of the event subscription creation, Event Grid sends a validation request that is followed by a proper validation response. If the validation doesn't pass, the event subscription creation fails.

Important

Event Grid doesn't support the following functionality when validating webhooks:

  • WebHook-Request-Callback. That means that you or your webhook cannot respond asynchronously to Event Grid's validation request.
  • WebHook-Request-Rate. That is, Event Grid does not request a data rate at which it communicates with your webhook endpoint. If your webhook responds with a WebHook-Allowed-Rateheader, it is ignored.

Webhooks

See Deliver events to webhooks using namespace topics - Azure CLI, which provides step-by-step instructions to publish events to Azure Event Grid in the CloudEvents JSON format and deliver those events by using the push delivery model.