Webhook signature verification for Fygaro
Project description
fygaro-webhook
Webhook signature verification for Fygaro — pure Python stdlib, zero runtime deps
This helper validates the Fygaro-Signature header of incoming webhooks.
It supports secret rotation (multiple active secrets) and is ready for future
hash algorithms.
Installation
pip install fygaro-webhook
Requires Python ≥ 3.8.
Quick start
from fygaro.webhook import FygaroWebhookValidator
# Load your current and (optionally) previous secrets
validator = FygaroWebhookValidator(
secrets=[
b"my-primary-secret", # bytes or str → utf-8 encoded
],
# max_age_seconds=300 # optional, default = 5 min
)
# In your view / handler
if not validator.verify_signature(
signature_header=request.headers["Fygaro-Signature"],
body=request.body, # raw bytes exactly as sent
):
raise ValueError("Invalid signature")
# ...process JSON, return 200...
API reference (detailed)
class FygaroWebhookValidator
| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
secrets |
Sequence[str | bytes] |
✔ | — | One or more active webhook secrets. Provide all currently valid secrets during a rotation window. Each secret can be a UTF-8 str or raw bytes. |
max_age_seconds |
int |
✖ | 300 |
Maximum allowable clock skew (in seconds) between the timestamp in the header and the server time. A low value mitigates replay attacks. |
validator = FygaroWebhookValidator(
secrets=["primary"], # Add multiple for rotation: secrets=["primary", "previous"]
)
validator.verify_signature(signature_header: str, body: bytes) -> bool
| Argument | Type | Description |
|---|---|---|
signature_header |
str |
The exact value of the incoming Fygaro-Signature HTTP header. |
body |
bytes |
The unmodified request body (raw bytes). Do not .decode() or re-serialize. |
Return value:
True— signature is valid and timestamp is withinmax_age_seconds.False— signature mismatch, stale timestamp, or malformed header.
is_valid = validator.verify_signature(sig_header, raw_body)
License
MIT © Fygaro — support: support@fygaro.com
Project details
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file fygaro_webhook-1.0.0.tar.gz.
File metadata
- Download URL: fygaro_webhook-1.0.0.tar.gz
- Upload date:
- Size: 4.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.8.20
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
fff6154903762da79c60674c097f33ebb7f4fe75e73783cc0b9a2f4bbc8efa13
|
|
| MD5 |
6df37bcfb9dbc293b922d2aef5f82fd8
|
|
| BLAKE2b-256 |
5d347015666bff2238455ae1c97523251dc3968b4af111a59e5545d36dc4b5fc
|
File details
Details for the file fygaro_webhook-1.0.0-py3-none-any.whl.
File metadata
- Download URL: fygaro_webhook-1.0.0-py3-none-any.whl
- Upload date:
- Size: 5.6 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.8.20
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
79a0110b0ff68b58f6e09f630472a7dbcd5d6bdd996016d5eab34468789ef81a
|
|
| MD5 |
163fe581d432291ae51f560c1692231f
|
|
| BLAKE2b-256 |
ead731a577f15467c06e2ec7f5d02759aed5e63a623809e8d714bcdb1fe51b61
|
