SDK for verifying CM Email webhook signatures

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for lord_sylar from gravatar.com lord_sylar

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: MIT License (MIT)
  • Author: email-team
  • Tags webhook , verification , hmac , signature , cm , email
  • Requires: Python >=3.9
  • Provides-Extra: dev
Classifiers
Report project as malware

Project description

CM Email Webhook Verification SDK (Python)

SDK for verifying the authenticity of webhooks sent by CM Email services.

Installation

pip install cm-email-webhook-verification

Usage

from cm_email_webhook_verification import WebhookValidator, WebhookVerificationError

# Initialize with your webhook secret key
validator = WebhookValidator("your-secret-key")

# Extract headers and payload from incoming request
headers = {
    "svix-id": request.headers["svix-id"],
    "svix-timestamp": request.headers["svix-timestamp"],
    "svix-signature": request.headers["svix-signature"],
}
payload = request.body.decode("utf-8")

try:
    data = validator.verify(payload, headers)
    # Process verified webhook data
    print(f"Received event: {data}")
except WebhookVerificationError as e:
    # Handle verification failure
    print(f"Webhook verification failed: {e}")

Flask Example

from flask import Flask, request, jsonify
from cm_email_webhook_verification import WebhookValidator, WebhookVerificationError

app = Flask(__name__)
validator = WebhookValidator("your-secret-key")

@app.route("/webhook", methods=["POST"])
def webhook():
    headers = {
        "svix-id": request.headers.get("svix-id"),
        "svix-timestamp": request.headers.get("svix-timestamp"),
        "svix-signature": request.headers.get("svix-signature"),
    }
    payload = request.get_data(as_text=True)

    try:
        data = validator.verify(payload, headers)
        return jsonify({"status": "ok"}), 200
    except WebhookVerificationError:
        return jsonify({"error": "Invalid webhook"}), 401

FastAPI Example

from fastapi import FastAPI, Request, HTTPException
from cm_email_webhook_verification import WebhookValidator, WebhookVerificationError

app = FastAPI()
validator = WebhookValidator("your-secret-key")

@app.post("/webhook")
async def webhook(request: Request):
    headers = {
        "svix-id": request.headers.get("svix-id"),
        "svix-timestamp": request.headers.get("svix-timestamp"),
        "svix-signature": request.headers.get("svix-signature"),
    }
    payload = (await request.body()).decode("utf-8")

    try:
        data = validator.verify(payload, headers)
        return {"status": "ok"}
    except WebhookVerificationError:
        raise HTTPException(status_code=401, detail="Invalid webhook")

Custom Tolerance

By default, webhooks are valid for 5 minutes. You can customize this:

# Accept webhooks up to 10 minutes old
validator = WebhookValidator("your-secret-key", tolerance_in_seconds=600)

Exceptions

Exception Description
WebhookVerificationError Base exception for all verification errors
InvalidSignatureError Signature does not match
TimestampExpiredError Timestamp outside tolerance window
MissingHeaderError Required headers missing

Security

This SDK uses:

  • HMAC-SHA512 for signature generation
  • Constant-time comparison to prevent timing attacks
  • Timestamp validation to prevent replay attacks

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for lord_sylar from gravatar.com lord_sylar

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: MIT License (MIT)
  • Author: email-team
  • Tags webhook , verification , hmac , signature , cm , email
  • Requires: Python >=3.9
  • Provides-Extra: dev
Classifiers

Release history Release notifications | RSS feed

This version

1.0.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

cm_email_webhook_verification-1.0.0.tar.gz (5.5 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

cm_email_webhook_verification-1.0.0-py3-none-any.whl (5.6 kB view details)

Uploaded Python 3

File details

Details for the file cm_email_webhook_verification-1.0.0.tar.gz.

File metadata

File hashes

Hashes for cm_email_webhook_verification-1.0.0.tar.gz
Algorithm Hash digest
SHA256 beda7764380e035e1f658e0205e969796e1342061ccd6fe6caa81de4a4f97b04
MD5 ef9f1b9aeb7b309bad47329a5851a120
BLAKE2b-256 d16fb9d3e47e31c516a6844c9a8ae50d220566f277f3fd748befe2d52190b675

See more details on using hashes here.

File details

Details for the file cm_email_webhook_verification-1.0.0-py3-none-any.whl.

File metadata

File hashes

Hashes for cm_email_webhook_verification-1.0.0-py3-none-any.whl
Algorithm Hash digest
SHA256 557bc2d7c4d95bd02c55f8e3c42947a30e184b63d481eeb99ffa4bf65ca1044a
MD5 e8fb98c2de3af9f451c03795341179e1
BLAKE2b-256 8c287e02416494c4d0a61440608a385bfc9aa5cdd11e2a732294f1eb6b2d7544

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page