...
Event subscriptions allow you to set up HTTP headers that are included in delivered events.
This capability allows you to set custom headers that are required by a destination.
You can set up to 10 headers when creating an event subscription.
Each header value shouldn't be greater than 4,096 (4K) bytes.
...
Access Control
Azure Event Grid allows you to control the level of access given to different users to do various management operations such as list event subscriptions, create new ones, and generate keys.
Event Grid uses Azure role-based access control (Azure RBAC).
Event Grid doesn't support Azure RBAC for publishing events to Event Grid topics or domains.
Use a Shared Access Signature (SAS) key or token to authenticate clients that publish events.
If you're using an event handler that isn't a WebHook (such as an event hub or queue storage), you need write access to that resource.
This permissions check prevents an unauthorized user from sending events to your resource.
You must have the Microsoft.EventGrid/EventSubscriptions/Write permission on the resource that is the event source.
You need this permission because you're writing a new subscription at the scope of the resource.
The required resource differs based on whether you're subscribing to a system topic or a custom topic.
For system topics, you need permission to write a new event subscription at the scope of the resource publishing the event.
The format of the resource is:
/subscriptions/{subscription-id}/resourceGroups/{resource-group-name}/providers/{resource-provider}/{resource-type}/{resource-name}
For custom topics, you need permission to write a new event subscription at the scope of the event grid topic.
The format of the resource is:
/subscriptions/{subscription-id}/resourceGroups/{resource-group-name}/providers/Microsoft.EventGrid/topics/{topic-name}
For example, to subscribe to a custom topic named mytopic, you need the Microsoft.EventGrid/EventSubscriptions/Write permission on:
/subscriptions/####/resourceGroups/testrg/providers/Microsoft.EventGrid/topics/mytopic
...
Receive events by using webhooks
Webhooks are one of the many ways to receive events from Azure Event Grid.
When a new event is ready, the Event Grid service POSTs an HTTP request to the configured endpoint with the event in the request body.
Event Grid requires you to prove ownership of your Webhook endpoint before it starts delivering events to that endpoint.
This requirement prevents a malicious user from flooding your endpoint with events.
When you use any of the three Azure services listed below, the Azure infrastructure automatically handles this validation:
Azure Logic Apps with Event Grid Connector
Azure Automation via webhook
Azure Functions with Event Grid Trigger
Endpoint validation with Event Grid events
If you're using any other type of endpoint, such as an HTTP trigger based Azure function, your endpoint code needs to participate in a validation handshake with Event Grid.
Event Grid supports two ways of validating the subscription.
Synchronous handshake: At the time of event subscription creation, Event Grid sends a subscription validation event to your endpoint.
The schema of this event is similar to any other Event Grid event.
The data portion of this event includes a validationCode property.
Your application verifies that the validation request is for an expected event subscription, and returns the validation code in the response synchronously.
This handshake mechanism is supported in all Event Grid versions.
Asynchronous handshake: In certain cases, you can't return the ValidationCode in response synchronously.
Event Grid supports a manual validation handshake.
If you're creating an event subscription, Event Grid sends a validationUrl property in the data portion of the subscription validation event.
To complete the handshake, find that URL in the event data and do a GET request to it.
You can use either a REST client or your web browser.
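The synchronous handshake described above, as an added example (not code from this page or from Microsoft): a framework-independent handler that checks the event's topic against an allowlist before echoing validationCode. The event type name and the validationResponse response field come from the Event Grid event schema; handle_post, sample_validation, the allowlist and the sample values are hypothetical and constructed.

```python
import json

VALIDATION_EVENT = "Microsoft.EventGrid.SubscriptionValidationEvent"
# Assumption: allowlist of topic resource IDs this endpoint agreed to serve.
EXPECTED_TOPICS = {
    "/subscriptions/####/resourceGroups/testrg/providers/Microsoft.EventGrid/topics/mytopic",
}


def handle_post(body, expected_topics=EXPECTED_TOPICS):
    """Process one Event Grid POST; return (status, response_json, events_to_process)."""
    allowed = {t.lower() for t in expected_topics}  # resource IDs compared case-insensitively
    try:
        events = json.loads(body)
    except ValueError:
        return 400, {"error": "invalid JSON"}, []
    if isinstance(events, dict):  # tolerate a single event object
        events = [events]
    if not isinstance(events, list) or not all(isinstance(e, dict) for e in events):
        return 400, {"error": "expected an array of events"}, []
    accepted = []
    for ev in events:
        # Refuse the handshake, and any event, for a topic we did not expect.
        if str(ev.get("topic", "")).lower() not in allowed:
            return 403, {"error": "unexpected topic"}, []
        if ev.get("eventType") == VALIDATION_EVENT:
            data = ev.get("data")
            code = data.get("validationCode") if isinstance(data, dict) else None
            if not isinstance(code, str) or not code:
                return 400, {"error": "missing validationCode"}, []
            # Synchronous handshake: echo the code back in the response body.
            return 200, {"validationResponse": code}, []
        accepted.append(ev)
    return 200, {}, accepted


def sample_validation(topic):
    """Constructed subscription validation delivery for the given topic."""
    return json.dumps([{
        "id": "constructed-id-1", "topic": topic, "subject": "",
        "eventType": VALIDATION_EVENT,
        "data": {"validationCode": "constructed-code-123"},
    }])
```

The example never fetches validationUrl; in the asynchronous handshake that GET remains a manual step.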
...
Filter events
When creating an event subscription, you have three options for filtering:
Event types
By default, all event types for the event source are sent to the endpoint. You can decide to send only certain event types to your endpoint.
    "filter": {
      "includedEventTypes": [
        "Microsoft.Resources.ResourceWriteFailure",
        "Microsoft.Resources.ResourceWriteSuccess"
      ]
    }
Subject begins with or ends with
    "filter": {
      "subjectBeginsWith": "/blobServices/default/containers/mycontainer/log",
      "subjectEndsWith": ".jpg"
    }
Advanced fields and operators
To filter by values in the data fields and specify the comparison operator, use the advanced filtering option.
    "filter": {
      "advancedFilters": [
        {
          "operatorType": "NumberGreaterThanOrEquals",
          "key": "Data.Key1",
          "value": 5
        },
        {
          "operatorType": "StringContains",
          "key": "Subject",
          "values": ["container1", "container2"]
        }
      ]
    }
...
Comparison of services
...