Integrations - Amazon SQS

Like Webooks, Amazon SQS integrations are a way to deliver Event payloads to your API or data consumer via an Amazon SQS Queue.

To enable an SQS integration, first create a standard or FIFO queue on the AWS console and make note of the ARN and URL.

Next, create a policy with the following JSON policy, replacing [QUEUE ARN], with the ARN of your queue.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "sqs:SendMessage",
      "Resource": "[QUEUE ARN]"
    }
  ]
}

sqs:SendMessage is the only permission Mbaasy needs to deliver messages to your queue.

Next, create a new IAM user with Programmatic access and attach the new policy.

Once your user is created, a new Access Key ID and Secret Access Key will be furnished for you.

Finally, visit the Mbaasy App Publisher Console > Apps > [App] > Settings > Integrations page and add a new SQS integration by selecting AWS SQS as the target, enter a unique name, the AWS region, Access Key ID and Secret Access Key and press save.

Signature Validation

Every event that is sent to your SQS queue are signed using a unique SHA256 HMAC Key in the X-SHA256-Digest message attribute. You can verify the authenticity of the payload by generating a comparison signature using the HMAC Key, a SHA256 digest and the JSON body.

You will find your HMAC Key in the options menu beside each integration in the App General Settings page on the Mbaasy App Publisher Developer Console.