Mailgun Webhook Auth v1.0.0 MailgunWebhookAuth

A Plug for validating Mailgun Webhook requests in Elixir applications.

It expects your private mailgun API token String to be passed at initialization.

A 403 Unauthorized Webhook Request response is returned for all invalid requests.

Recommended usage is within a pipeline, but it may be used within your Phoenix controllers; anywhere a Plug can be used.

Example Phoenix.Router

    pipeline :webhooks do
    plug :accepts, ["json"]
        plug MailgunWebhookAuth,
                    api_token: Application.get_env(:your_application, :mailgun_key)
  end
    
  scope "/webhooks", YourApplication do
    pipe_through :webhooks
        
        post "/received", WebhookController, :received
        post "/delivered", WebhookController, :delivered
        post "/dropped", WebhookController, :dropped
        post "/bounced", WebhookController, :bounced
        post "/complaints", WebhookController, :complaints
        post "/unsubscribes", WebhookController, :unsubscribes
        post "/clicks", WebhookController, :clicks
        post "/opens", WebhookController, :opens
  end
    

Example Mix.Config

    config :your_application,
        mailgun_key: "key-BLAHBLAHBLAH"
        

Mailgun Documentation

See the Mailgun Routes documentation for more information.

Summary

Functions

call(conn, api_token)
hmac(data, key)
init(opts)
valid?(api_token, token, timestamp, signature)
validate_request(conn, api_token)