BlueJeans is being sunset. Please refer to more details

Verify that events are sent by BlueJeans


BlueJeans always signs the webhook events, and it sends them to your endpoints as follows

  • The POST call which is made to the registered webhook includes an Authorization header that has JWT signed key which has the issuer as BlueJeans. You can use the public key to verify that the event was sent by BlueJeans.

Note

The "Public Key" can be downloaded from the Admin Console > Enterprise Apps > Webhooks section  (See. Setting up a Webhook).

  • Make sure you confirm that the event occurred from BlueJeans using a public key, then accept the data to your servers.

This allows you to verify that the events were sent by BlueJeans, not by a third party.

Note

You can deny access to your server if the event was not signed by BlueJeans.