Verify that events are sent by BlueJeans
BlueJeans always signs the webhook events, and it sends them to your endpoints as follows
- The POST call which is made to the registered webhook includes an Authorization header that has JWT signed key which has the issuer as BlueJeans. You can use the public key to verify that the event was sent by BlueJeans.
Note
The "Public Key" can be downloaded from the Admin Console > Enterprise Apps > Webhooks section (See. Setting up a Webhook).
- Make sure you confirm that the event occurred from BlueJeans using a public key, then accept the data to your servers.
This allows you to verify that the events were sent by BlueJeans, not by a third party.
Note
You can deny access to your server if the event was not signed by BlueJeans.