feat(webhooks & callbacks): add contracts for webhooks and callbacks (#37)

This commit adds comprehensive contracts for webhook and callback handling by introducing a signature verification framework and HTTP request modeling. The changes enable language-agnostic webhook implementations across core libraries and SDKs.

- Added signature verification interface with standardized result handling
- Introduced framework-agnostic HTTP request model for webhook processing
- Updated package structure and documentation to reflect new capabilities

Author: sufyankhanrao

.gitignore

@@ -158,3 +158,5 @@ cython_debug/
 #  and can be added to the global gitignore or merged into this file.  For a more nuclear
 #  option (not recommended) you can uncomment the following to ignore the entire idea folder.
 .idea/
+*.py~
+*~

README.md

@@ -1,40 +1,47 @@
 # apimatic-core-interfaces
-[![PyPI][pypi-version]](https://pypi.org/project/apimatic-core-interfaces/)
-[![Maintainability Rating][maintainability-badge]][maintainability-url]
-[![Vulnerabilities][vulnerabilities-badge]][vulnerabilities-url]
+[![PyPI][pypi-version]](https://pypi.org/project/apimatic-core-interfaces/)  
+[![Maintainability Rating][maintainability-badge]][maintainability-url]  
+[![Vulnerabilities][vulnerabilities-badge]][vulnerabilities-url]  
 [![Licence][license-badge]][license-url]
 
 ## Introduction
-This project contains the abstract layer for APIMatic's core library. The purpose of creating interfaces is to separate out the functionalities needed by APIMatic's core library module. The goal is to support scalability and feature enhancement of the core library and the SDKs along with avoiding any breaking changes by reducing tight coupling between modules through the introduction of interfaces.
+This project contains the abstract layer for APIMatic's core library. The purpose of creating interfaces is to separate out the functionalities needed by APIMatic's core library module. The goal is to support scalability and feature enhancement of the core library and the SDKs, while avoiding breaking changes by reducing tight coupling between modules.
 
-## Version supported
-Currenty APIMatic supports  `Python version 3.7+`  hence the apimatic-core-interfaces will need the same versions to be supported.
+## Version Supported
+Currently, APIMatic supports **Python version 3.7+**, hence the `apimatic-core-interfaces` package requires the same version support.
 
 ## Installation
-Simply run the command below in your SDK as the apimatic-core-interfaces will be added as a dependency in the SDK.
-```python
+Run the following command in your SDK (the `apimatic-core-interfaces` package will be added as a dependency):
+```bash
 pip install apimatic-core-interfaces
 ```
 
 ## Interfaces
-| Name                                                                        | Description                                                                               |
-|-----------------------------------------------------------------------------|-------------------------------------------------------------------------------------------|
-| [`HttpClient`](apimatic_core_interfaces/client/http_client.py)              | To save both Request and Response after the completion of response                        |
-| [`ResponseFactory`](apimatic_core_interfaces/factories/response_factory.py) | To convert the client-adapter response into a custom HTTP response                        |
-| [`Authentication`](apimatic_core_interfaces/types/authentication.py)        | To setup methods for the validation and application of the required authentication scheme |
-| [`UnionType`](apimatic_core_interfaces/types/union_type.py)                 | To setup methods for the validation and deserialization of OneOf/AnyOf union types        |
-| [`Logger`](apimatic_core_interfaces/logger/logger.py)                       | An interface for the generic logger facade                                                |
-| [`ApiLogger`](apimatic_core_interfaces/logger/api_logger.py)                | An interface for logging API requests and responses                                       |
+| Name                                                                                       | Description                                                                                 |
+|--------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------|
+| [`HttpClient`](apimatic_core_interfaces/client/http_client.py)                             | Saves both request and response after the completion of response.                           |
+| [`ResponseFactory`](apimatic_core_interfaces/factories/response_factory.py)                | Converts the client-adapter response into a custom HTTP response.                           |
+| [`Authentication`](apimatic_core_interfaces/types/authentication.py)                       | Sets up methods for the validation and application of the required authentication scheme.   |
+| [`UnionType`](apimatic_core_interfaces/types/union_type.py)                                 | Sets up methods for the validation and deserialization of OneOf/AnyOf union types.           |
+| [`Logger`](apimatic_core_interfaces/logger/logger.py)                                       | An interface for the generic logger facade.                                                 |
+| [`ApiLogger`](apimatic_core_interfaces/logger/api_logger.py)                                | An interface for logging API requests and responses.                                        |
+| [`SignatureVerifier`](apimatic_core_interfaces/security/signature_verifier.py)             | Defines the contract for verifying the authenticity of incoming events or webhook requests. |
+
+## Types
+| Name                                                                                             | Description                                                                                 |
+|--------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------|
+| [`Request`](apimatic_core_interfaces/http/request.py)                                            | Framework-agnostic request model capturing headers, method, path, body, and raw bytes. |
+| [`SignatureVerificationResult`](apimatic_core_interfaces/types/signature_verification_result.py) | Provides a structured result of the verification process, including success, failure, and error details. |
 
 ## Enumerations
-| Name                                                                          | Description                                                     |
-|-------------------------------------------------------------------------------|-----------------------------------------------------------------|
-| [`HttpMethodEnum`](apimatic_core_interfaces/types/http_method_enum.py )       | Enumeration containig HTTP Methods (GET, POST, PATCH, DELETE)   |
+| Name                                                                                   | Description                                                   |
+|----------------------------------------------------------------------------------------|---------------------------------------------------------------|
+| [`HttpMethodEnum`](apimatic_core_interfaces/types/http_method_enum.py)                 | Enumeration containing HTTP methods (GET, POST, PATCH, DELETE).|
 
-[pypi-version]: https://img.shields.io/pypi/v/apimatic-core-interfaces
-[license-badge]: https://img.shields.io/badge/licence-MIT-blue
-[license-url]: LICENSE
-[maintainability-badge]: https://sonarcloud.io/api/project_badges/measure?project=apimatic_core-interfaces-python&metric=sqale_rating
-[maintainability-url]: https://sonarcloud.io/summary/new_code?id=apimatic_core-interfaces-python
-[vulnerabilities-badge]: https://sonarcloud.io/api/project_badges/measure?project=apimatic_core-interfaces-python&metric=vulnerabilities
+[pypi-version]: https://img.shields.io/pypi/v/apimatic-core-interfaces  
+[license-badge]: https://img.shields.io/badge/licence-MIT-blue  
+[license-url]: LICENSE  
+[maintainability-badge]: https://sonarcloud.io/api/project_badges/measure?project=apimatic_core-interfaces-python&metric=sqale_rating  
+[maintainability-url]: https://sonarcloud.io/summary/new_code?id=apimatic_core-interfaces-python  
+[vulnerabilities-badge]: https://sonarcloud.io/api/project_badges/measure?project=apimatic_core-interfaces-python&metric=vulnerabilities  
 [vulnerabilities-url]: https://sonarcloud.io/summary/new_code?id=apimatic_core-interfaces-python

apimatic_core_interfaces/__init__.py

@@ -2,5 +2,7 @@
     'client',
     'factories',
     'types',
-    'logger'
-]
+    'logger',
+    'http',
+    'security'
+]

apimatic_core_interfaces/http/__init__.py

@@ -0,0 +1,3 @@
+__all__ = [
+    'request',
+]

apimatic_core_interfaces/http/request.py

@@ -0,0 +1,14 @@
+from dataclasses import dataclass, field
+from typing import Dict, List, Optional
+
+@dataclass(frozen=True)
+class Request:
+    """Framework-agnostic HTTP request snapshot (files excluded)."""
+    method: str
+    path: str
+    url: Optional[str]
+    headers: Dict[str, str]
+    raw_body: bytes
+    query: Dict[str, List[str]] = field(default_factory=dict)
+    cookies: Dict[str, str] = field(default_factory=dict)
+    form: Dict[str, List[str]] = field(default_factory=dict)

apimatic_core_interfaces/security/__init__.py

@@ -0,0 +1,3 @@
+__all__ = [
+    'signature_verifier'
+]

apimatic_core_interfaces/security/signature_verifier.py

@@ -0,0 +1,29 @@
+from abc import ABC, abstractmethod
+
+from apimatic_core_interfaces.http.request import Request
+from apimatic_core_interfaces.types.signature_verification_result import SignatureVerificationResult
+
+
+class SignatureVerifier(ABC):
+    """
+    Abstract base class for signature verification.
+
+    Implementations must validate that the provided JSON payload matches
+    the signature contained in the headers.
+    """
+
+    @abstractmethod
+    def verify(self, request: Request) -> SignatureVerificationResult:
+        """
+        Perform signature verification.
+
+        Returns:
+            SignatureVerificationResult: ok=True when the signature is valid; ok=False with the
+            underlying exception (if any) when invalid or an error occurred.
+
+        Notes:
+            Implementations should NOT raise for runtime verification outcomes; return
+            VerificationResult.failed(error) instead. Reserve raising for programmer
+            errors (invalid construction/config).
+        """
+        raise NotImplementedError

apimatic_core_interfaces/types/__init__.py

@@ -1,5 +1,6 @@
 __all__ = [
     'http_method_enum',
     'authentication',
-    'union_type'
+    'union_type',
+    'signature_verification_result'
 ]

apimatic_core_interfaces/types/signature_verification_result.py

@@ -0,0 +1,26 @@
+from __future__ import annotations
+from typing import Optional, List
+
+
+class SignatureVerificationResult:
+    """
+    Outcome of signature verification.
+
+    Attributes:
+        ok: True if the signature verification passed.
+        errors: Optional list of errors raised by the verifier. None when ok=True.
+    """
+    ok: bool
+    errors: Optional[List[str]] = None
+
+    def __init__(self, ok: bool, errors: Optional[List[str]] = None):
+        self.ok = ok
+        self.errors = errors
+
+    @staticmethod
+    def passed() -> "SignatureVerificationResult":
+        return SignatureVerificationResult(ok=True, errors=None)
+
+    @staticmethod
+    def failed(errors: Optional[List[str]] = None) -> "SignatureVerificationResult":
+        return SignatureVerificationResult(ok=False, errors=errors)

setup.py

@@ -12,7 +12,7 @@
 
 setup(
     name='apimatic-core-interfaces',
-    version='0.1.6',
+    version='0.1.7',
     description='An abstract layer of the functionalities provided by apimatic-core-library, requests-client-adapter '
                 'and APIMatic SDKs.',
     long_description=long_description,