This example demonstrates how to verify webhook, app event, and app action requests from Contentful using HMAC-SHA256 in Python with Flask. The server computes a signature from the request's method, path, headers, and body, then compares it to the signature provided by Contentful.
- Python 3.x
- Flask
- Install Flask:
pip install flask- Set the
CONTENTFUL_SIGNING_SECRETenvironment variable:
export CONTENTFUL_SIGNING_SECRET="your_contentful_signing_secret_here"- Run the application:
python app.pyThe server will start on http://0.0.0.0:8080.
- verify_request: Verifies the incoming request's signature.
- build_canonical_string: Constructs the canonical string from the request method, path, signed headers, and body.
- calculate_signature: Computes the HMAC SHA256 signature from the canonical string and secret.