none
Use of keys in x-functions-key header RRS feed

  • Question

  • I've created a simple generic webhook and I'm calling it via postman.

    When I use the query string for authentication, passing a code parameter, it works if I pass the master key, or the function specific key from MyFunction.json, but it fails if I pass the function key from host.json with the error "The 'code' query parameter provided in the HTTP request did not match the expected value."

    If I try to use the "x-functions-key" header instead, then the only one I can get working is the masterKey from host.json. Passing either the functionKey from host.json or my function specific key that worked in the code parameter results in the error: "The WebHook verification request must contain a 'code' query parameter."

    Is this expected behaviour? From the docs I assumed I could use any of the three keys and choose whether to put them in the query string code parameter or in the x-functions-key header, but it appears not.


    Friday, September 23, 2016 8:17 PM

Answers

  • No, this is not expected, and is a bug that we've already identified and have a fix for. The fix will be going out not in the current release (0.6) but in an update soon after. Thanks for reporting :)

    For now, just use the function specific key, which is the one you'd generally want to hand out to callers of the web hook anyways. The master key should be kept secret, and is only meant for your own admin type operations, not external use. The host level function key is elevated in that it can be used to invoke all functions, so generally it is not handed out either, but you might decide to in some scenarios.


    Mathew Charles [MSFT]




    Friday, September 23, 2016 8:45 PM