
Twilio X Signature validation fails for the webhook request


I have configured a webhook URL in Twilio and a Spring Boot app with a POST API listening to it. I am trying to validate the X-Twilio-Signature received in the header by passing the URL, request body (string) and signature to the com.twilio.security.RequestValidator.validate method. But I am always getting false returned.

validate(String url, String body, String expectedSignature)

I tried changing the string request body to Map<String, String>. That also did not work.


Solution

  • I have found this Twilio blog article which explains how you can validate the signature using Java and Spring Boot: https://www.twilio.com/en-us/blog/secure-twilio-webhooks-java

    This does use interceptors but the supporting repo https://github.com/mjg123/ValidatingTwilioWebhooks/blob/7df95b9ab80b53689ff79ff9d4a639b9ce03557b/src/main/java/com/twilio/requestverification/TwilioValidationHandlerInterceptor.java#L75 shows the body is manipulated prior to validating the signature.

    Hope this helps
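
The form-parameter signature scheme from Twilio's webhook documentation, written out with JDK classes only as an added example (not code from the question, the answer or the linked repository), to show why the decoded parameters and the exact public URL both matter. It assumes an application/x-www-form-urlencoded webhook with no repeated parameter names; the class name, auth token, URLs and body are constructed.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.Map;
import java.util.TreeMap;

public class TwilioSignatureCheck {          // hypothetical class name

    // Decode a raw form-encoded body into key/value pairs, sorted by key.
    static Map<String, String> parseForm(String rawBody) {
        Map<String, String> params = new TreeMap<>();
        if (rawBody == null || rawBody.isEmpty()) return params;
        for (String pair : rawBody.split("&")) {
            int eq = pair.indexOf('=');
            String k = eq < 0 ? pair : pair.substring(0, eq);
            String v = eq < 0 ? "" : pair.substring(eq + 1);
            params.put(URLDecoder.decode(k, StandardCharsets.UTF_8),
                       URLDecoder.decode(v, StandardCharsets.UTF_8));
        }
        return params;
    }

    // Base64(HMAC-SHA1(authToken, url + key1 + value1 + key2 + value2 ...))
    static String sign(String authToken, String url, Map<String, String> params) throws Exception {
        StringBuilder data = new StringBuilder(url);
        new TreeMap<>(params).forEach((k, v) -> data.append(k).append(v));
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(new SecretKeySpec(authToken.getBytes(StandardCharsets.UTF_8), "HmacSHA1"));
        byte[] digest = mac.doFinal(data.toString().getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(digest);
    }

    // Constant-time comparison against the X-Twilio-Signature header value.
    static boolean isValid(String authToken, String url, String rawBody, String header) throws Exception {
        byte[] expected = sign(authToken, url, parseForm(rawBody)).getBytes(StandardCharsets.UTF_8);
        return header != null && MessageDigest.isEqual(expected, header.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws Exception {
        String token = "constructed-auth-token";                 // constructed sample values
        String url = "https://example.com/webhooks/sms";
        String body = "To=%2B15550001111&From=%2B15550002222&Body=hello+world";
        String header = sign(token, url, parseForm(body));       // stands in for the sender's header
        System.out.println("public URL, decoded params: " + isValid(token, url, body, header));
        System.out.println("internal URL seen by app:   "
                + isValid(token, "http://10.0.0.5:8080/webhooks/sms", body, header));
    }
}
```

Behind a proxy or load balancer, rebuild the URL from the address configured in Twilio rather than from the servlet request, since the signature covers the URL Twilio actually called.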