ruby
8 lines · 1 tab
Kai Nakamura
Apr 2026
1 tab
event_id = request.headers.fetch('X-Event-Id')
timestamp = request.headers.fetch('X-Signature-Timestamp').to_i
raise ActionController::BadRequest, 'stale request' if Time.now.to_i - timestamp > 300
raise ActionController::BadRequest, 'replay detected' if WebhookEvent.exists?(external_id: event_id)
WebhookEvent.create!(external_id: event_id, payload: request.raw_post)
head :accepted
1 file · ruby
Explain with highlit
A webhook endpoint is an internet-facing parser plus an authentication problem. I verify signatures, enforce recent timestamps, and store event IDs to block replay attempts. Reliability matters too, so handlers should be idempotent and fast to acknowledge.
Share this code
Here's the card — post it anywhere.