This example demonstrates how to verify webhook, app event, and app action requests from Contentful using HMAC-SHA256 in Go with the Gin framework. The server computes a signature from the request's method, path, headers, and body, then compares it to the signature provided by Contentful.
- Go 1.x
- Gin framework
- Install Gin:
go get -u github.com/gin-gonic/gin- Set the
CONTENTFUL_SIGNING_SECRETenvironment variable:
export CONTENTFUL_SIGNING_SECRET="your_contentful_signing_secret_here"- Run the application:
go run main.goThe server will start on http://0.0.0.0:8080.
- verifyRequest: Verifies the incoming request's signature.
- buildCanonicalString: Constructs the canonical string from the request method, path, signed headers, and body.
- calculateSignature: Computes the HMAC SHA256 signature from the canonical string and secret.