CM.Email.WebhookVerification 1.0.1

.NET 9.0 This package targets .NET 9.0. The package is compatible with this framework or higher. 
dotnet add package CM.Email.WebhookVerification --version 1.0.1
                    


                    

                
NuGet\Install-Package CM.Email.WebhookVerification -Version 1.0.1
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package. 
<PackageReference Include="CM.Email.WebhookVerification" Version="1.0.1" />
For projects that support PackageReference, copy this XML node into the project file to reference the package. 
<PackageVersion Include="CM.Email.WebhookVerification" Version="1.0.1" />
                    


                            Directory.Packages.props
                        

                    

                
<PackageReference Include="CM.Email.WebhookVerification" />
                    


                            Project file
For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package. 
paket add CM.Email.WebhookVerification --version 1.0.1
                    


                    

                
#r "nuget: CM.Email.WebhookVerification, 1.0.1"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package. 
#:package CM.Email.WebhookVerification@1.0.1
#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package. 
#addin nuget:?package=CM.Email.WebhookVerification&version=1.0.1
                    


                            Install as a Cake Addin
                        

                    

                
#tool nuget:?package=CM.Email.WebhookVerification&version=1.0.1
                    


                            Install as a Cake Tool

CM.Email.WebhookVerification

.NET SDK for verifying CM Email webhook signatures.

Installation

dotnet add package CM.Email.WebhookVerification

Or via Package Manager Console:

Install-Package CM.Email.WebhookVerification

Requirements

  • .NET 9.0 or later

Usage

using CM.Email.WebhookVerification;

// Initialize the validator with your secret key
var validator = new WebhookValidator("your-secret-key");

// Or with custom tolerance (default is 300 seconds)
var validator = new WebhookValidator("your-secret-key", toleranceInSeconds: 600);

// Extract headers from the incoming webhook request
var headers = new Dictionary<string, string>
{
    { "svix-id", request.Headers["svix-id"] },
    { "svix-timestamp", request.Headers["svix-timestamp"] },
    { "svix-signature", request.Headers["svix-signature"] }
};

// Get the raw request body
var payload = await new StreamReader(request.Body).ReadToEndAsync();

// Verify and deserialize the webhook payload
try
{
    var webhookData = validator.Verify<YourWebhookModel>(payload, headers);
    // Process the verified webhook data
}
catch (Exceptions.MissingHeadersException ex)
{
    // Required headers are missing
}
catch (Exceptions.InvalidTimestampException)
{
    // Timestamp format is invalid
}
catch (Exceptions.TimestampExpiredException)
{
    // Webhook timestamp is outside the allowed tolerance window
}
catch (Exceptions.InvalidSignatureException)
{
    // Signature verification failed
}

ASP.NET Core Example

[HttpPost("webhook")]
public async Task<IActionResult> HandleWebhook()
{
    var validator = new WebhookValidator(Configuration["WebhookSecretKey"]);

    var headers = new Dictionary<string, string>
    {
        { "svix-id", Request.Headers["svix-id"].ToString() },
        { "svix-timestamp", Request.Headers["svix-timestamp"].ToString() },
        { "svix-signature", Request.Headers["svix-signature"].ToString() }
    };

    using var reader = new StreamReader(Request.Body);
    var payload = await reader.ReadToEndAsync();

    try
    {
        var data = validator.Verify<WebhookPayload>(payload, headers);
        // Process webhook
        return Ok();
    }
    catch (Exceptions.WebhookVerificationException)
    {
        return Unauthorized();
    }
}

Exceptions

Exception Description
MissingHeadersException One or more required headers (svix-id, svix-timestamp, svix-signature) are missing
InvalidTimestampException The timestamp header is not a valid format
TimestampExpiredException The webhook timestamp is outside the allowed tolerance window
InvalidSignatureException The signature does not match the expected value

All exceptions inherit from WebhookVerificationException.

License

MIT License - see LICENSE for details.

Product Compatible and additional computed target framework versions.
.NET net9.0 is compatible.  net9.0-android was computed.  net9.0-browser was computed.  net9.0-ios was computed.  net9.0-maccatalyst was computed.  net9.0-macos was computed.  net9.0-tvos was computed.  net9.0-windows was computed.  net10.0 was computed.  net10.0-android was computed.  net10.0-browser was computed.  net10.0-ios was computed.  net10.0-maccatalyst was computed.  net10.0-macos was computed.  net10.0-tvos was computed.  net10.0-windows was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

  • net9.0

    • No dependencies.

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last Updated
1.0.1 64 3/25/2026
1.0.0 85 3/9/2026