Source type

AWS SNS Source

AWS SNS sources receive HTTP/S topic notifications, verify SNS RSA signatures, and can answer subscription confirmations.

AWS_SNSPOST, PUT, PATCH, DELETEOptional Topic ARNContent and data
Amazon SNS HTTP/S subscriber documentationAll source types
AWS SNS sends webhook traffic to a FastHook source, FastHook validates the provider contract, records the request, and routes accepted events through connections to destinations.AWS SNSProviderPOST, PUT, PATCH, DELETEChallengeFastHookSource URLAWS_SNSProvider credentialsubscriptionVerify before queue401 on auth failure405 on wrong methodAcceptedRequestverified: trueConnections route the accepted request to destinationsFilters, transformations, retries, replay, and destination signatures stay downstream from source verification.Provider setupSpecial responsesubscription
FastHook keeps the provider-facing contract on the source. Accepted requests are stored before routing, while rejected requests keep enough evidence to debug signature, method, and challenge failures.

When to use this source type

Choose the AWS_SNS source type when AWS SNS is the system sending webhook requests into FastHook. The source type keeps sender-specific setup close to the source: accepted methods, verification headers, challenge handling, and the exact credential fields are documented together so operators do not need to translate a generic HMAC form into a provider-specific contract.

FastHook verifies the source before accepted traffic is queued. A valid request is stored with verified: true, then connections route it to destinations. A bad signature, wrong token, or missing provider header is rejected as SOURCE_AUTH_FAILED. A method outside the allowed set is rejected as SOURCE_METHOD_NOT_ALLOWED.

FastHook configuration

In the dashboard, create a source, set Source Type to AWS SNS, keep Authenticate enabled when verification is required, and fill the fields below.

Source Type

AWS_SNS

Allowed methods

POST, PUT, PATCH, DELETE

Authentication

Provider signature

Optional Topic ARN

Copy this value from AWS SNS and store it on the FastHook source.

Optional certificate/public key through API

Copy this value from AWS SNS and store it on the FastHook source.

{
  "type": "AWS_SNS",
  "config": {
    "auth_type": "PROVIDER_SIGNATURE",
    "auth": {
      "provider": "AWS_SNS"
    },
    "allowed_http_methods": ["POST","PUT","PATCH","DELETE"]
  }
}

HTTP methods

This source accepts only the methods listed below. Keep the set narrow so provider mistakes and accidental test calls are visible as rejected requests instead of being silently accepted.

POSTPUTPATCHDELETE

Special response: Subscription confirmation payloads can be confirmed automatically when API config enables it.

Headers and verification

FastHook verifies the provider-specific values below before the request is accepted. The comparison is done against the raw inbound request body or the exact provider-specific signing input described here.

Signature

SNS message signature field in the JSON body.

SigningCertURL

SNS certificate URL used to fetch the public key when not configured inline.

SignatureVersion

Selects SHA-1 or SHA-256 RSA verification.

SubscribeURL

Used for subscription confirmation when auto-confirm is enabled by API config.

FastHook builds the canonical SNS string and verifies the RSA PKCS#1 signature using the SNS certificate or configured public key.

Provider setup checklist

  1. Subscribe the FastHook Source URL as an HTTP/S endpoint for the SNS topic.
  2. Optionally configure Topic ARN so FastHook rejects messages from unexpected topics.
  3. Use the API for advanced options such as inline certificate or auto-confirm subscription.
  4. Open Amazon SNS HTTP/S subscriber documentation when you need the provider's event list, dashboard steps, or retry policy.

Troubleshooting

  • No request appears: the provider is not calling the generated FastHook Source URL, the source URL was copied before saving, or the provider has not completed its setup validation.
  • 405 method rejected: the provider sent a method outside POST, PUT, PATCH, DELETE. Edit the source only if the provider documentation says that method is expected.
  • 401 source auth failed: check the configured FastHook field, the provider signing secret, and the header names listed on this page.
  • Signature mismatch: make sure the provider signs the same public Source URL it calls and that no proxy, parser, or manual resend changed the raw request body before FastHook received it.

Related docs