SignNow.NET
SignNow.NET copied to clipboard
signnow
Enabling HMAC security logic by setting `AbstractEventSubscription.SecretKey` has no effect
While trying to enable HMAC security logic for webhook requests, I've stumbled on why something like this has no effect:
await signNowContext.Events.CreateEventSubscriptionAsync(new CreateEventSubscription(EventType.DocumentFieldInviteSent, entityId, callbackUrl) { SecretKey = "SomeHmacSecretKey" });
Turns out there are actually 2 places where SecretKey can be set when subscribing to an event:
- https://github.com/signnow/SignNow.NET/blob/7122c316be1fbcc019876f87da27f85c4af01522/SignNow.Net/Model/Requests/EventSubscriptionBase/AbstractEventSubscription.cs#L37
- https://github.com/signnow/SignNow.NET/blob/7122c316be1fbcc019876f87da27f85c4af01522/SignNow.Net/Model/Requests/EventSubscriptionBase/EventCreateAttributes.cs#L54
So, to enable HMAC when subscribing to an event, it's possible to achieve it like this:
await signNowContext.Events.CreateEventSubscriptionAsync(new CreateEventSubscription(EventType.DocumentFieldInviteSent, entityId, callbackUrl) { Attributes = new EventCreateAttributes { CallbackUrl = callbackUrl, SecretKey = "SomeHmacSecretKey" } });
I'm not sure what the idea is with having 2 of these keys, but the one among Attributes seems to be more consistent with API.
Is there any purpose for AbstractEventSubscription.SecretKey actually?
Also, I think it would be handy to be able to pass SecretKey as an optional param in CreateEventSubscription constructor.
