1

I'm wanting to register an Azure Event Hubs as a WebHook to a third-party application which does not support any header/body authentication, just a simple URL.

I can't see anywhere in the Azure Event Hubs documentation or portal that allows me to set up a listener without a SAS? I understand this would make the Event Hub insecure, however, since it's only listening and writing the payload to Azure Blob Storage, I am happy to accept the risk.

If it's not possible to set up an Azure Event Hubs without any authentication, I thought about setting up an Azure Automation Runbook to expose a Webhook. The runbook would pass the payload to the Azure Event Hubs handling the authentication on the way through. Is this acceptable practice?

Are there any other known workarounds?

Bernarzinho
  • 50
  • 1
  • 5
  • It is not possible to use Event Hubs without authorization. Have you considered using an Azure Function as your webhook using that to output to your Event Hub? That would also give you the ability to consider validating the HTTP request to ensure that it came from your third-party application. – Jesse Squire Feb 20 '21 at 17:18
  • Hi @JesseSquire, yes that is a consideration but I wanted to use something that didn't require deployment if the third-party app changed. – Bernarzinho Feb 20 '21 at 21:55

1 Answers1

0

No, you must listen the event hubs with some authentications.

Your solution is feasible. You can use runbook to receive data and interact and verify with event hub. Of course, as the comments said, functions and other services are also feasible methods.

In short, it is impossible without any authentication at all.

Cindy Pau
  • 13,085
  • 1
  • 15
  • 27