This plugin can sign the webhook events sent by the Gravity Forms WebHooks Add-On to your endpoints by including a signature in each event’s X-Gform-Signature header. This allows you to verify that the events were sent by the Gravity Forms add-on, not by a third party. As of right now, you must verify the signatures by manually using your own solution. However, an example of a Node.js (JavaScript) implementation is linked below.
Before you can verify signatures, you need to retrieve your endpoint’s public key (more information at this question).
This plugin uses the same keys for every form and endpoint, meaning that the same keys will be used for every signature generated.
Verification implementations
- Node.js: See the example on Github.
Download & install the zip archive
The plugin package installer can be downloaded from the WP2E project tab called “code”.
1 – Select the version to download if this option is available otherwise the “latest” version of the main plugin will be used.
2 – After downloading the zip archive install the plugin package installer in you local environment and activate the script from the plugin list.
3 – Under the section “Plugins” of the admin dashboard you should see a new “Dependencies & Licenses” link. Follow the instructions from this panel to finalize the installation of the missing dependencies.
-
- Give a name to your project
-
- Download the Installer Package
-
- Install & activate the plugin locally
-
- Install the suggested dependencies
Tips: Use the WP2E panel to add/suggest new dependencies to the local installation. Press F5 in the list of dependencies if the changes are not displayed right away.