Class AmazonSesInvitationDeliveryAspNetCoreOptions
Namespace: Cephalon.MultiTenancy.Governance.AmazonSesDelivery.AspNetCore.Configuration
Assembly: Cephalon.MultiTenancy.Governance.AmazonSesDelivery.AspNetCore.dll
Configures ASP.NET Core Amazon SES over SNS callback translation for tenant-invitation delivery status updates.
public sealed class AmazonSesInvitationDeliveryAspNetCoreOptionsInheritance
Section titled “Inheritance”object ← AmazonSesInvitationDeliveryAspNetCoreOptions
Inherited Members
Section titled “Inherited Members”object.Equals(object?), object.Equals(object?, object?), object.GetHashCode(), object.GetType(), object.ReferenceEquals(object?, object?), object.ToString()
Remarks
Section titled “Remarks”This adapter translates SNS-wrapped Amazon SES event publishing payloads into Cephalon delivery-status reconciliation requests. It does not own AWS account setup, SES identity verification, SNS topic/subscription creation beyond optionally confirming signed subscription-confirmation callbacks, durable callback inboxes, distributed replay protection, or provider polling. When configured, it can verify the Amazon SNS message signature before translation, confirm verified SNS subscription requests, observe verified unsubscribe-confirmation lifecycle messages without restoring subscriptions, and skip duplicate SNS message identifiers already recorded by the Cephalon delivery-status observation store.
Constructors
Section titled “Constructors”AmazonSesInvitationDeliveryAspNetCoreOptions()
Section titled “ AmazonSesInvitationDeliveryAspNetCoreOptions()”Initializes a new instance of the
public AmazonSesInvitationDeliveryAspNetCoreOptions()Properties
Section titled “Properties”AcceptRawSesEventPayloads
Section titled “ AcceptRawSesEventPayloads”Gets or sets a value indicating whether raw Amazon SES event payloads should be accepted for controlled replay.
public bool AcceptRawSesEventPayloads { get; set; }Property Value
Section titled “Property Value”Remarks
Section titled “Remarks”Production SNS HTTP subscriptions post an SNS envelope whose Message field contains the SES event. This
option lets tests or replay tools post the SES event body directly without claiming a durable callback inbox.
Gets or sets the actor value recorded on translated Amazon SES delivery status observations.
public string Actor { get; set; }Property Value
Section titled “Property Value”AllowedSnsTopicArns
Section titled “ AllowedSnsTopicArns”Gets or sets the SNS topic ARNs accepted by this callback endpoint when topic allow-listing is required.
public string[] AllowedSnsTopicArns { get; set; }Property Value
Section titled “Property Value”string[]
EnableSnsMessageIdIdempotency
Section titled “ EnableSnsMessageIdIdempotency”Gets or sets a value indicating whether translated SNS notifications should skip duplicate MessageId
values that already exist in the Cephalon delivery-status observation store.
public bool EnableSnsMessageIdIdempotency { get; set; }Property Value
Section titled “Property Value”Remarks
Section titled “Remarks”This guard uses the stable SNS MessageId-derived observation id emitted by the translator. It does not
replace durable inboxing or distributed callback processing; the durability of the guard follows the configured
ITenantInvitationDeliveryStatusObservationStore.
EnableSnsReplayProtection
Section titled “ EnableSnsReplayProtection”Gets or sets a value indicating whether verified SNS callbacks should be protected against replay inside the current process.
public bool EnableSnsReplayProtection { get; set; }Property Value
Section titled “Property Value”Remarks
Section titled “Remarks”Replay protection is active only when TopicArn and
MessageId in memory and does not claim distributed replay protection or durable callback inbox ownership.
EnableSnsSubscriptionConfirmation
Section titled “ EnableSnsSubscriptionConfirmation”Gets or sets a value indicating whether verified SNS subscription-confirmation messages should be confirmed by the callback endpoint.
public bool EnableSnsSubscriptionConfirmation { get; set; }Property Value
Section titled “Property Value”Remarks
Section titled “Remarks”This option is disabled by default. When enabled, the endpoint only confirms SubscriptionConfirmation
envelopes after SNS signature verification has succeeded. It does not create SNS topics, configure SES event
destinations, own subscription lifecycle governance, or store confirmation tokens.
EnableSnsUnsubscribeConfirmationObservation
Section titled “ EnableSnsUnsubscribeConfirmationObservation”Gets or sets a value indicating whether verified SNS unsubscribe-confirmation messages should be reported by the callback endpoint without restoring the subscription.
public bool EnableSnsUnsubscribeConfirmationObservation { get; set; }Property Value
Section titled “Property Value”Remarks
Section titled “Remarks”This option is active only when SubscribeURL; that URL would
re-confirm the subscription and belongs to an explicit operator or provider lifecycle flow.
EnableStatusCallbackEndpoint
Section titled “ EnableStatusCallbackEndpoint”Gets or sets a value indicating whether the Amazon SES callback endpoint should be mapped.
public bool EnableStatusCallbackEndpoint { get; set; }Property Value
Section titled “Property Value”ExcludeStatusCallbackEndpointFromDescription
Section titled “ ExcludeStatusCallbackEndpointFromDescription”Gets or sets a value indicating whether the Amazon SES callback endpoint should be excluded from OpenAPI descriptions.
public bool ExcludeStatusCallbackEndpointFromDescription { get; set; }Property Value
Section titled “Property Value”MapEngagementEventsAsDelivered
Section titled “ MapEngagementEventsAsDelivered”Gets or sets a value indicating whether Amazon SES engagement events such as open and click should be recorded as delivered.
public bool MapEngagementEventsAsDelivered { get; set; }Property Value
Section titled “Property Value”Remarks
Section titled “Remarks”The default is false so the endpoint records deliverability events only. Enable this when a host deliberately wants engagement events to update invitation delivery status.
MaxEventsPerRequest
Section titled “ MaxEventsPerRequest”Gets or sets the maximum number of Amazon SES events accepted in one callback request.
public int MaxEventsPerRequest { get; set; }Property Value
Section titled “Property Value”Remarks
Section titled “Remarks”SNS HTTP callbacks normally contain one SES event in the Message field. Arrays are accepted only for
controlled replay and test harness scenarios while keeping the same bounded parsing posture.
MaxRequestBodyBytes
Section titled “ MaxRequestBodyBytes”Gets or sets the maximum request body size accepted by the Amazon SES callback endpoint, in bytes.
public int MaxRequestBodyBytes { get; set; }Property Value
Section titled “Property Value”PinnedSnsSigningCertificatePem
Section titled “ PinnedSnsSigningCertificatePem”Gets or sets a pinned X.509 certificate PEM used to verify SNS signatures instead of downloading the certificate
from SigningCertURL.
public string? PinnedSnsSigningCertificatePem { get; set; }Property Value
Section titled “Property Value”Remarks
Section titled “Remarks”This is primarily useful for tests, controlled replay, or hosts that deliberately pin the SNS signing certificate. Production hosts usually leave this unset so the endpoint retrieves the AWS SNS signing certificate from the validated HTTPS URL in the SNS envelope.
RecordStatus
Section titled “ RecordStatus”Gets or sets a value indicating whether translated delivery status should be recorded on the invitation.
public bool RecordStatus { get; set; }Property Value
Section titled “Property Value”RequireAllowedSnsTopicArn
Section titled “ RequireAllowedSnsTopicArn”Gets or sets a value indicating whether TopicArn must match
public bool RequireAllowedSnsTopicArn { get; set; }Property Value
Section titled “Property Value”Remarks
Section titled “Remarks”Keeping this enabled follows the SNS spoofing-prevention guidance that receivers reject messages from unexpected topics. Disable only for controlled multi-topic gateways that apply their own allow-list.
RequireProviderMessageMatch
Section titled “ RequireProviderMessageMatch”Gets or sets a value indicating whether translated Amazon SES events must match an existing provider message id.
public bool RequireProviderMessageMatch { get; set; }Property Value
Section titled “Property Value”Remarks
Section titled “Remarks”Amazon SES event payloads expose the SES-assigned message id through mail.messageId. Keeping this guard
enabled makes the callback translator reconcile only the invitation dispatch previously accepted by SES.
RequireSnsSignatureVerification
Section titled “ RequireSnsSignatureVerification”Gets or sets a value indicating whether SNS message signatures must verify before translation.
public bool RequireSnsSignatureVerification { get; set; }Property Value
Section titled “Property Value”Remarks
Section titled “Remarks”When enabled, the endpoint rejects raw SES replay payloads, validates the SNS envelope, verifies the Base64-encoded RSA signature over the canonical SNS string-to-sign, and records safe verification metadata.
RequireSnsSignatureVersion2
Section titled “ RequireSnsSignatureVersion2”Gets or sets a value indicating whether verified SNS messages must use SignatureVersion 2.
public bool RequireSnsSignatureVersion2 { get; set; }Property Value
Section titled “Property Value”Remarks
Section titled “Remarks”Amazon SNS topics default to signature version 1, but version 2 uses SHA-256 and is the recommended setting for new deployments. Disable this only when a host deliberately accepts legacy SHA-1 SNS signatures.
RequireStatusCallbackAuthorization
Section titled “ RequireStatusCallbackAuthorization”Gets or sets a value indicating whether the Amazon SES callback endpoint should require authorization.
public bool RequireStatusCallbackAuthorization { get; set; }Property Value
Section titled “Property Value”Remarks
Section titled “Remarks”The endpoint performs an in-handler authorization check by default. Hosts can satisfy it with ASP.NET Core authentication, a gateway, or deliberately disable it for trusted test hosts.
SnsReplayCacheLimit
Section titled “ SnsReplayCacheLimit”Gets or sets the maximum number of verified SNS callback replay fingerprints retained in the current process.
public int SnsReplayCacheLimit { get; set; }Property Value
Section titled “Property Value”Remarks
Section titled “Remarks”When the bounded cache is full, the oldest fingerprint is evicted before recording a new accepted signed callback.
SnsReplayRetentionSeconds
Section titled “ SnsReplayRetentionSeconds”Gets or sets the process-local retention window, in seconds, for verified SNS callback replay fingerprints.
public int SnsReplayRetentionSeconds { get; set; }Property Value
Section titled “Property Value”Remarks
Section titled “Remarks”The endpoint clamps the effective retention to at least one second. The default is five minutes.
SnsSubscriptionConfirmationTimeoutSeconds
Section titled “ SnsSubscriptionConfirmationTimeoutSeconds”Gets or sets the timeout, in seconds, for an enabled SNS subscription-confirmation HTTP request.
public int SnsSubscriptionConfirmationTimeoutSeconds { get; set; }Property Value
Section titled “Property Value”Remarks
Section titled “Remarks”The effective timeout is clamped between one second and five minutes.
Source
Section titled “ Source”Gets or sets the source value recorded on translated Amazon SES delivery status observations.
public string Source { get; set; }Property Value
Section titled “Property Value”StatusCallbackAuthorizationPolicy
Section titled “ StatusCallbackAuthorizationPolicy”Gets or sets the optional ASP.NET Core authorization policy required by the Amazon SES callback endpoint.
public string? StatusCallbackAuthorizationPolicy { get; set; }Property Value
Section titled “Property Value”StatusCallbackRoutePattern
Section titled “ StatusCallbackRoutePattern”Gets or sets the ASP.NET Core route pattern used for SNS-wrapped Amazon SES callbacks.
public string StatusCallbackRoutePattern { get; set; }Property Value
Section titled “Property Value”Remarks
Section titled “Remarks”The default route stays under /engine because this endpoint is a provider-adapter ingress surface, not an
application-owned onboarding API.
ValidateSnsSigningCertificateChain
Section titled “ ValidateSnsSigningCertificateChain”Gets or sets a value indicating whether the SNS signing certificate chain and validity window should be checked.
public bool ValidateSnsSigningCertificateChain { get; set; }Property Value
Section titled “Property Value”Remarks
Section titled “Remarks”The default is true for production safety. Tests using self-signed pinned certificates can disable this without weakening the canonical message-signature proof.
Methods
Section titled “Methods”FromConfiguration(IConfiguration?, string)
Section titled “ FromConfiguration(IConfiguration?, string)”Reads Amazon SES ASP.NET Core callback options from configuration.
public static AmazonSesInvitationDeliveryAspNetCoreOptions FromConfiguration(IConfiguration? configuration, string sectionPath = "Engine")Parameters
Section titled “Parameters”configuration IConfiguration?
The root configuration that contains the engine section.
sectionPath string
The engine root section path to read from.
Returns
Section titled “Returns”AmazonSesInvitationDeliveryAspNetCoreOptions
The parsed Amazon SES ASP.NET Core callback options.