Skip to content

feat(webhooks & callbacks): add contracts for generic HMAC implementation #105

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
asadali214 merged 33 commits into from
Oct 3, 2025
Merged

feat(webhooks & callbacks): add contracts for generic HMAC implementation #105

asadali214 merged 33 commits into from
Oct 3, 2025

Conversation

@sufyankhanrao
Copy link
Collaborator

@sufyankhanrao sufyankhanrao commented Sep 1, 2025

What

  • Added framework-agnostic request snapshot model for verifiers and event parsing.
  • Implemented a configurable generic HMAC verifier supporting headers, ordering, delimiter, encoder, and hash algorithm.
  • Introduced JSON Pointer–based parsing templates for flexible event payload extraction.
  • Wrote unit tests for verifier configurations, JSON Pointer resolution, event parsing, and request immutability.
  • Updated documentation to include setup and usage guidance.

Why

To establish a solid foundation for Webhooks and Callbacks in the Python core library.
These additions provide secure, consistent handling of webhook events across SDKs while ensuring extensibility for future enhancements.

Closes #104

Type of change

Select multiple if applicable.

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause a breaking change)
  • Tests (adds or updates tests)
  • Documentation (adds or updates documentation)
  • Refactor (style improvements, performance improvements, code refactoring)
  • Revert (reverts a commit)
  • CI/Build (adds or updates a script, change in external dependencies)

Dependency Change

If a new dependency is being added, please ensure that it adheres to the following guideline https://github.com/apimatic/apimatic-codegen/wiki/Policy-of-adding-new-dependencies-in-the-core-libraries

Breaking change

If the PR is introducing a breaking change, please ensure that it adheres to the following guideline https://github.com/apimatic/apimatic-codegen/wiki/Guidelines-for-maintaining-core-libraries

Testing

List the steps that were taken to test the changes

Checklist

  • My code follows the coding conventions
  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have added new unit tests

@sufyankhanrao
adds signature verification implementations
f25ec12
@sufyankhanrao
adds gaurd clause for the hmac verification implementation
77b4e2f
@sufyankhanrao
updates the verify contract in SignatureVerifier
7ad9240
@sufyankhanrao
makes the hmac signature verification more generic so that could be r…
87ee3d8 
…eused in the SDK
@sufyankhanrao
reverts the Hmac implementation from generic configuration perspective
426171d
@sufyankhanrao
Revert "reverts the Hmac implementation from generic configuration pe…
8fd9245 
…rspective"

This reverts commit 426171d.
@sufyankhanrao
fixes the request package
f2f464c
@sufyankhanrao
adds verification_result type for verify method
e4f2e9d
@sufyankhanrao
adds the verification result integration
4179e49
@sufyankhanrao
override str method for custom exception
fc99e6b
@sufyankhanrao
contains hmac generic implementation using json pointers
4344518
@sufyankhanrao
adds test for the hmac implementation
7345493
@sufyankhanrao
updates readme file
5ce2013
@sufyankhanrao sufyankhanrao self-assigned this Sep 1, 2025
@sufyankhanrao sufyankhanrao added the enhancement New feature or request label Sep 1, 2025
Copilot AI reviewed Sep 1, 2025
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR adds comprehensive webhook and callback support to the Python core library by introducing a templating system for flexible message construction and an HMAC signature verification system. The implementation provides a framework-agnostic approach to handling webhook events with secure signature verification capabilities.

  • Introduces a template engine with JSON Pointer support for flexible message construction from HTTP requests
  • Implements configurable HMAC signature verification with multiple hash algorithms and encoding options
  • Adds comprehensive test coverage for all new components including edge cases and error handling

Reviewed Changes

Copilot reviewed 16 out of 20 changed files in this pull request and generated 2 comments.

Show a summary per file
File Description
apimatic_core/templating/template_engine.py Core templating engine for parsing and rendering message templates with runtime expressions
apimatic_core/templating/template_resolver.py Built-in resolvers for extracting HTTP method, URL, headers, query params, and JSON body data
apimatic_core/templating/json_pointer_resolver.py RFC 6901 JSON Pointer implementation for extracting values from JSON request bodies
apimatic_core/security/hmac_signature_verifier.py HMAC signature verification with configurable templates, hash algorithms, and encoders
apimatic_core/security/encoders.py Digest encoding implementations (hex, base64, base64url)
apimatic_core/exceptions/signature_verification_error.py Custom exception for signature verification failures
tests/ Comprehensive test suites covering all new functionality with edge cases
setup.py Version bump to 0.2.22
README.md Updated documentation with new templating and security features

Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.

@sufyankhanrao sufyankhanrao changed the title Webhooks support feat(webhooks & callbacks): add contracts for generic HMAC implementation Sep 1, 2025
@sufyankhanrao sufyankhanrao force-pushed the webhooks-support branch 2 times, most recently from 6142f23 to 9b78914 Compare September 5, 2025 13:33
@sufyankhanrao sufyankhanrao force-pushed the webhooks-support branch 3 times, most recently from b391792 to db79796 Compare September 8, 2025 19:34
@sonarqubecloud
Copy link

sonarqubecloud bot commented Oct 3, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
99.4% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@asadali214 asadali214 merged commit b24fb51 into main Oct 3, 2025
9 checks passed
@asadali214 asadali214 deleted the webhooks-support branch October 3, 2025 13:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@asadali214 asadali214 asadali214 approved these changes

Assignees

@sufyankhanrao sufyankhanrao

Labels

enhancement New feature or request

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Add Webhooks & Callbacks Support

3 participants

@sufyankhanrao @asadali214