Webhook Signature add-on for Gravity Forms

Description

This plugin can sign the webhook events sent by the Gravity Forms WebHooks Add-On to your endpoints by including a signature in each event’s X-Gform-Signature header. This allows you to verify that the events were sent by the Gravity Forms add-on, not by a third party. As of right now, you must verify the signatures by manually using your own solution. However, an example of a Node.js (JavaScript) implementation is linked below.

Before you can verify signatures, you need to retrieve your endpoint’s public key (more information at this question).

This plugin uses the same keys for every form and endpoint, meaning that the same keys will be used for every signature generated.

Verification implementations

  • Node.js: See the example on Github.

Installation

  1. Upload this plugin to your WordPress website
  2. Activate the plugin through the ‘Plugins’ menu in WordPress
  3. Navigate to the Settings section
  4. Click on the button Generate a new public – private key pair, or paste your own in the fields above and save

FAQ

How can I verify the signature?

Navigate to the plugin settings. Copy the key in the Public Key field to your own application (receiver). Use it to verify the signature.

What format can I use for custom key

Keys that are generated by the plugin have the following format:
Digest algorithm: SHA256
Private key type: RSA (OPENSSL_KEYTYPE_RSA)
Private key bits: 1024

It is therefore advised that in case you use custom keys, you use a similar format, since no other format than the one above has been tested.

You also have to include the BEGIN and END lines, for example:

Public Key:
-----BEGIN PUBLIC KEY-----
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXX
-----END PUBLIC KEY-----

How can I send feedback or get help with a bug?

I’d love to hear your bug reports, feature suggestions and any other feedback! Please head over to the GitHub issues page to search for existing issues or open a new one. While I’ll try to triage issues reported here on the plugin forum, you’ll get a faster response (and reduce duplication of effort) by keeping everything centralized in the GitHub repository.

Reviews

There are no reviews for this plugin.

Contributors & Developers

“Webhook Signature add-on for Gravity Forms” is open source software. The following people have contributed to this plugin.

Contributors