API Gateway Required Webhook Validation before receiving events

Question

Hi,
iam trying to achieve the following: An API Gateway resource should receive webhook notifications from an external service, transform the request to event bridge format and forward it directly to event bridge. I managed to create the configuration and mappings, so that it works when i post the webhook event data  manually using postman.

My challenge is now that the "real" service iam using performs a validation check to the webhook listener before sending events. It sends a post request to the endpoint with a validation code in a header parameter and in order to activate this webhook subscription the validation code must be returned in the response.

I wonder if there is any configuration i can perform to do that validation step with API Gateway? In the sense of "if the requests contains a validation token, then create a response with the validation token, otherwise try the mapping and forward to event bridge" ?

Thank you in advance,
Stefan

Answer

Hello Stefan,

Not sure if you can do it directly in the API Gateway,

but you could integrate a lambda function that validates the token and returns the token to the api gateway. If the token is present, forward the event to eventbridge.

Something like that  ( + the eventbridge forwarding logic) :

```
def lambda_handler(event, context):
    headers = event.get('headers', {})
    validation_token = headers.get('Validation-Token')

if validation_token:
        # Validation token present, return it as a response
        return {
            'statusCode': 200,
            'headers': {
                'Content-Type': 'application/json'
            },
            'body': json.dumps({'validationToken': validation_token})
        }
```

Sincerely

Heiko

API Gateway Required Webhook Validation before receiving events

Relevant content