From 758757b1ed84d02c93197d53571d51a698ff3174 Mon Sep 17 00:00:00 2001 From: manisha1997 Date: Thu, 18 Sep 2025 15:21:51 +0530 Subject: [PATCH] chore: Add docs --- src/Twilio/Security/RequestValidator.cs | 33 ++++++++++++++++++------- 1 file changed, 24 insertions(+), 9 deletions(-) diff --git a/src/Twilio/Security/RequestValidator.cs b/src/Twilio/Security/RequestValidator.cs index 8a1dcca1c..6a7d0157a 100644 --- a/src/Twilio/Security/RequestValidator.cs +++ b/src/Twilio/Security/RequestValidator.cs @@ -25,11 +25,15 @@ public RequestValidator(string secret) } /// - /// Validate against a request + /// Validate against a request. + /// The validate function is provided to validate incoming webhook requests from Twilio. + /// It does this by comparing the expected signature passed in with a signature it generates itself. + /// The signature is generated by creating an HMAC-SHA1 hash using the signing secret as the key, + /// and the full URL (including query string parameters and bodySHA256) as the message. /// - /// Request URL - /// Request parameters - /// Expected result + /// Request URL - This URL should include all query parameters and bodySHA256 + /// Request parameters. This includes any body that is part of the request. + /// Every Twilio Request has an x-twilio-signature associated with it. This is the expected twilio signature against which the generated signature is compared with. /// true if the signature matches the result; false otherwise public bool Validate(string url, NameValueCollection parameters, string expected) { @@ -37,11 +41,15 @@ public bool Validate(string url, NameValueCollection parameters, string expected } /// - /// Validate against a request + /// Validate against a request. + /// The validate function is provided to validate incoming webhook requests from Twilio. + /// It does this by comparing the expected signature passed in with a signature it generates itself. + /// The signature is generated by creating an HMAC-SHA1 hash using the signing secret as the key, + /// and the full URL (including query string parameters and bodySHA256) as the message. /// - /// Request URL - /// Request parameters - /// Expected result + /// Request URL - This URL should include all query parameters and bodySHA256 + /// Request parameters. This includes any body that is part of the request. + /// Every Twilio Request has an x-twilio-signature associated with it. This is the expected twilio signature against which the generated signature is compared with. /// true if the signature matches the result; false otherwise public bool Validate(string url, IDictionary parameters, string expected) { @@ -125,6 +133,13 @@ public bool Validate(string url, string body, string expected) return Validate(url, (IDictionary)null, expected) && ValidateBody(body, bodyHash); } + /// + /// Validate the body of a request. + /// The validateBody function is provided to validate the body of incoming webhook requests from Twilio + /// It does this by creating a SHA256 hash of the body and comparing it to the expected hash. + /// + /// Raw body of the request + /// The expected SHA256 hash of the body public static bool ValidateBody(string rawBody, string expected) { #if NET6_0_OR_GREATER @@ -230,4 +245,4 @@ private static string PreserveCase(string url, string replacementString) return url.Substring(startIndex, replacementString.Length); } } -} \ No newline at end of file +}