AWS SNS SES notifications to basic-auth HTTPS endpoint always sent twice


I have a setup to receive AWS SES Open notifications via SNS to an HTTPS endpoint of our web app. I followed the documentation and set it up with basic-auth.

All notifications from AWS arrive two times, the first time without the basic-auth header, but full payload, and the second time with basic-auth header. Here is a redacted dump of what AWS sends and how we respond when I open an email with a tracking pixel.

Is this the expected behaviour?

1 Answer

Maybe someone else can answer the SES-specific implementation details pertaining to your question, so take my following answer with a grain of salt.

Basic auth is a challenge-response mechanism, so it is generally considered best practice to only send credentials when prompted. This allows for redirects to occur, for example (e.g. upgrading the connection to HTTPS if initiated over HTTP), so the credentials are only sent when necessary.

answered 2 years ago
  • Would be really handy if SNS could do preemptive authentication, like most HTTP clients support. Would save both sides from duplicate requests.
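The challenge-response flow from this thread, seen from the receiving endpoint: an added example, not code from the original post or from AWS. It shows the handler answering the first, unauthenticated delivery with a `401` challenge without touching the payload, and processing the body only on the attempt that carries valid credentials. The credentials, realm and function names are assumptions made for illustration.

```python
import base64
import hmac

# Constructed credentials for the example; load real ones from a secret store.
EXPECTED_USER = "sns-user"
EXPECTED_PASS = "example-password"
REALM = "sns-endpoint"  # hypothetical realm name


def credentials_ok(auth_header):
    """Validate an 'Authorization: Basic ...' header value in constant time."""
    if not auth_header:
        return False
    scheme, _, token = auth_header.partition(" ")
    if scheme.lower() != "basic":
        return False
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return False
    user, sep, password = decoded.partition(":")
    if not sep:
        return False
    # Compare both parts so a wrong user does not short-circuit the check.
    user_ok = hmac.compare_digest(user.encode(), EXPECTED_USER.encode())
    pass_ok = hmac.compare_digest(password.encode(), EXPECTED_PASS.encode())
    return user_ok and pass_ok


def handle_delivery(headers, body, process):
    """Return (status, response_headers); `process` runs only after auth."""
    auth = {k.lower(): v for k, v in headers.items()}.get("authorization")
    if not credentials_ok(auth):
        # Unauthenticated attempt: send the challenge and ignore the payload,
        # even though the full body is already present in this request.
        return 401, {"WWW-Authenticate": f'Basic realm="{REALM}"'}
    process(body)
    return 200, {}
```

Because the payload is handled only on the authenticated attempt, the duplicate request results in a single processed notification.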
