chore: remove webhook validation from Getting started

Author: matsk-sinch

examples/getting-started/conversation/send_handle_incoming_sms/.env.example

@@ -9,8 +9,5 @@ SINCH_KEY_SECRET=
 CONVERSATION_APP_ID=
 SINCH_CONVERSATION_REGION=
 
-# Webhook secret (set when configuring the callback in Sinch dashboard)
-CONVERSATION_WEBHOOKS_SECRET=
-
 # Server
 SERVER_PORT=3001

examples/getting-started/conversation/send_handle_incoming_sms/README.md

@@ -35,12 +35,6 @@ see that the MO was received and processed.
    SINCH_CONVERSATION_REGION=
    ```
 
-   - Webhook secret (the value you set when configuring the callback URL for this app).  
-   See [Conversation API callbacks](https://developers.sinch.com/docs/conversation/callbacks):
-   ```
-   CONVERSATION_WEBHOOKS_SECRET=your_webhook_secret
-   ```
-
    - Server port (optional; default 3001):
    ```
    SERVER_PORT=3001
@@ -92,8 +86,7 @@ Forwarding    https://abc123.ngrok-free.app -> http://localhost:3001
 Use the **HTTPS** URL when configuring the callback:  
 `https://<your-ngrok-host>/ConversationEvent`
 
-Configure this callback URL (and the webhook secret) in the Sinch dashboard for your Conversation API app.  
-The webhook secret must match `CONVERSATION_WEBHOOKS_SECRET` in your `.env`.
+Configure this callback URL in the Sinch dashboard for your Conversation API app.
 
 ### Sending an SMS to your Sinch number
 

examples/getting-started/conversation/send_handle_incoming_sms/controller.py

@@ -3,28 +3,16 @@
 
 
 class ConversationController:
-    def __init__(self, sinch_client, webhooks_secret, app_id):
+    def __init__(self, sinch_client, app_id):
         self.sinch_client = sinch_client
-        self.webhooks_secret = webhooks_secret
         self.app_id = app_id
         self.logger = self.sinch_client.configuration.logger
 
     def conversation_event(self):
         headers = dict(request.headers)
         raw_body = getattr(request, "raw_body", None) or b""
 
-        webhooks_service = self.sinch_client.conversation.webhooks(self.webhooks_secret)
-
-        # Set to True to enforce signature validation (recommended in production)
-        ensure_valid_signature = False
-        if ensure_valid_signature:
-            valid = webhooks_service.validate_authentication_header(
-                headers=headers,
-                json_payload=raw_body,
-            )
-            if not valid:
-                return Response(status=401)
-
+        webhooks_service = self.sinch_client.conversation.webhooks()
         event = webhooks_service.parse_event(raw_body, headers)
         handle_conversation_event(
             event=event,

examples/getting-started/conversation/send_handle_incoming_sms/server.py

@@ -22,7 +22,6 @@ def load_config():
 config = load_config()
 port = int(config.get("SERVER_PORT") or "3001")
 app_id = config.get("CONVERSATION_APP_ID") or ""
-webhooks_secret = config.get("CONVERSATION_WEBHOOKS_SECRET") or ""
 conversation_region = (config.get("SINCH_CONVERSATION_REGION") or "").strip()
 if not conversation_region:
     raise ValueError(
@@ -40,7 +39,7 @@ def load_config():
 sinch_client.configuration.logger.setLevel(logging.INFO)
 
 conversation_controller = ConversationController(
-    sinch_client, webhooks_secret, app_id
+    sinch_client, app_id
 )
 
 

sinch/domains/conversation/conversation.py

@@ -14,11 +14,11 @@ def __init__(self, sinch):
         self._sinch = sinch
         self.messages = Messages(self._sinch)
 
-    def webhooks(self, callback_secret: str) -> ConversationWebhooks:
+    def webhooks(self, callback_secret: str = "") -> ConversationWebhooks:
         """
         Create a Conversation API webhooks handler with the given webhook secret.
 
-        :param callback_secret: Secret used for webhook signature validation.
+        :param callback_secret: Secret used for webhook signature validation (default "").
         :type callback_secret: str
         :returns: A configured webhooks handler.
         :rtype: ConversationWebhooks