I wanted to use the MinIO Webhook Service Notification. The logic I want to have is: when some file is uploaded to bucket1 with the prefix "all/", MinIO should send an event notification to the provided webhook endpoint. For security purposes I have to use auth_token; this is done to accept only event notifications from trusted senders.
What is happening now: I have read the MinIO documentation on how to configure the endpoint and how to add auth_token to the configuration. I have created notify_webhook:primary, added the endpoint https://example.com/webhook/ to it, and also added auth_token="mytoken".
And the ARN is created.
$ mc admin config get dev-minio notify_webhook
notify_webhook enable=off endpoint= auth_token= queue_limit=0 queue_dir= client_cert= client_key=
notify_webhook:primary endpoint=https://example.com/webhook queue_limit=0 queue_dir= client_cert= client_key=
As far as I know, there should be one more parameter, auth_token, shouldn't there? I have tried the following command:
mc admin config get dev-minio notify_webhook --json
And here is the output:
{
  "status": "success",
  "config": [
    {
      "subSystem": "notify_webhook",
      "kv": [
        {
          "key": "enable",
          "value": "off"
        },
        {
          "key": "endpoint",
          "value": ""
        },
        {
          "key": "auth_token",
          "value": ""
        },
        {
          "key": "queue_limit",
          "value": "0"
        },
        {
          "key": "queue_dir",
          "value": ""
        },
        {
          "key": "client_cert",
          "value": ""
        },
        {
          "key": "client_key",
          "value": ""
        }
      ]
    },
    {
      "subSystem": "notify_webhook",
      "target": "primary",
      "kv": [
        {
          "key": "endpoint",
          "value": "https://example.com"
        },
        {
          "key": "queue_limit",
          "value": "0"
        },
        {
          "key": "queue_dir",
          "value": ""
        },
        {
          "key": "client_cert",
          "value": ""
        },
        {
          "key": "client_key",
          "value": ""
        }
      ]
    }
  ]
}
When I try to send a request to the endpoint using Postman (curl as well), with the authentication header, everything works perfectly.
I don't know what I am doing wrong; please help if you have faced the same issue.
I have tried to configure it using environment variables, as well as through configuration settings using the mc client.
I have tried to configure using this command:
mc admin config set dev-minio notify_webhook:primary \
endpoint="https://example.com/webhook" \
auth_token="mytoken"
I have tried to configure each parameter of the config separately:
mc admin config set dev-minio notify_webhook:primary endpoint="https://example.com/webhook"
mc admin config set dev-minio notify_webhook:primary auth_token="mytoken"
P.S.: I am running MinIO in a Docker container on my cloud server.
I dug into it and here’s what fixed my setup:
I wasn’t sure whether my webhook’s auth_token would actually show up when you run:
mc admin config get dev-minio notify_webhook
To be certain, I pulled the full history of config changes with:
mc admin config history dev-minio
This let me confirm that my auth_token had indeed been set (and reset) correctly.
Even though I supplied the token without the “Bearer ” prefix, MinIO kept sending it in the request headers as:
Authorization: Bearer a1b2c3d4e5
(I’m not entirely sure why MinIO does that automatically.)
The quick workaround was to update my backend’s header-check logic to expect the “Bearer …” format—and once I did that, the webhook authentication started passing.
One more subtlety: when you subscribe to bucket events with a prefix or suffix filter, the event’s key field comes back URL-encoded.
{"key":"all%2Fmy_image.jpg"}
instead of
{"key":"all/my_image.jpg"}
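I have fixed this issue with the unquote function in the urllib package:
from urllib.parse import unquote

def parse_minio_event(body: dict):
    # Take the first record of the notification payload
    record = body.get("Records", [])[0]
    bucket = record["s3"]["bucket"]["name"]
    raw_key = record["s3"]["object"]["key"]
    # The key arrives URL-encoded (e.g. all%2Fmy_image.jpg), so decode it
    key = unquote(raw_key)
    return bucket, key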
Keep that in mind any time you’re matching or parsing object keys.
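An added example, not part of the original answer: a receiver-side check that expects the `Authorization: Bearer <token>` form described above, compares the token in constant time, and URL-decodes the key of every record. The function names, status codes and sample event are constructed for illustration; the token reuses the question's "mytoken" placeholder.

```python
import hmac
import json
from urllib.parse import unquote

EXPECTED_TOKEN = "mytoken"  # placeholder: same value as auth_token in the question


def is_authorized(header_value, expected_token=EXPECTED_TOKEN):
    """Accept only 'Bearer <token>', the form the answer saw MinIO send."""
    if not header_value:
        return False
    scheme, _, presented = header_value.partition(" ")
    if scheme.lower() != "bearer" or not presented:
        return False
    # Constant-time comparison so response timing does not leak the token.
    return hmac.compare_digest(presented.strip().encode(), expected_token.encode())


def handle_webhook(headers, raw_body, expected_token=EXPECTED_TOKEN):
    """Return (http_status, [(bucket, decoded_key), ...]) for one delivery."""
    # Header names are case-insensitive; reject before parsing the body.
    auth = next((v for k, v in headers.items() if k.lower() == "authorization"), None)
    if not is_authorized(auth, expected_token):
        return 401, []
    try:
        records = json.loads(raw_body).get("Records") or []
        objects = [
            (r["s3"]["bucket"]["name"], unquote(r["s3"]["object"]["key"]))
            for r in records
        ]
    except (ValueError, KeyError, TypeError, AttributeError):
        # Malformed JSON or a record without the expected s3 fields.
        return 400, []
    return 200, objects


# Constructed sample delivery, shaped like the event fragment in the answer.
SAMPLE_BODY = json.dumps({"Records": [{"s3": {
    "bucket": {"name": "bucket1"},
    "object": {"key": "all%2Fmy_image.jpg"},
}}]}).encode()

if __name__ == "__main__":
    print(handle_webhook({"Authorization": "Bearer mytoken"}, SAMPLE_BODY))
    print(handle_webhook({"Authorization": "mytoken"}, SAMPLE_BODY))
```

A bare token without the "Bearer " scheme is rejected with 401, which is the mismatch the answer describes on the backend side.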