Add CloudEvents endpoint validation to webhook handler proxy

Description

MS Graph API partner event topics can only be subscribed to using CloudEvents - which uses a different endpoint validation scheme than we currently support (which is the MS Event Grid scheme endpoint validation).

We need to support Graph API partner topics - so need to add this endpoint validation support to the proxy.

Further details

Find documentation for CloudEvents https://learn.microsoft.com/en-us/azure/event-grid/security-authentication#endpoint-validation-with-cloudevents-v10

The webhook handler proxy should support both validation schemes without needing to be configured via an environment variable or similar.

Task list

Add alternate CloudEvents endpoint validation
Deploy to dev environment
Test using Azure sandbox subscription by creating a custom topic and subscribing to it using the CloudEvents delivery schema

Acceptance criteria

Webhook endpoint can handle CloudEvents or Event Grid schema webhook endpoint validation

Links/references

https://github.com/cloudevents/spec/blob/v1.0/http-webhook.md#4-abuse-protection

Edited Aug 07, 2025 by Mike Knee