Securing Requests

You can take a few extra steps to prevent malicious developers accessing your requests.

Table of Contents

Use HTTPS

Use (https://) instead of (http://) in your URL to ensure a more secure communication channel.

Set Up Your Firewall

Use the required firewall settings. See Firewall Settings.

Use a Token or Secure Key

In the URL, add a secret key to all requests received via a Webhook, for example: https://your-url/resource?secret-key=xxxxxxxxxxxxxx.
When your server receives a request, but the authorization fails, send a response back with the HTTP response code ‘401 Unauthorized’.

Enable HTTP Body Encryption

You can enable encryption in the HTTP body. Many cipher methods are available.

For decryption, you need:

  • The HTTP body (base64 encoded if encryption is enabled)
  • The selected cipher method
  • The secret key
  • The iv (if you enabled random initialization vector)

Tip: For an example decryption code, see Processing Webhook Requests.

Note: If you enable encryption, you must set up a secret key for encryption and decryption.

Use Random Initialization Vector

Random initialization vector is a commonly used technique. To use this technique, use the “iv” URL parameter. See To Use Dynamic URLs section.

Example URL: https://your-url/resource?iv=${iv}

Note: If you disable it, an empty initialization vector is used instead.


There are no comments yet.

Comment

Subscribe to our newsletter
or Contact us!
Please note that by subscribing to our newsletter, you agree to receive regular email messages from VCC Live about service related news and updates. By subscribing to our newsletter, you also agree that VCC Live will use your data in accordance with the applicable Privacy Policy until you unsubscribe from the newsletter.