Securing Requests
You can take a few extra steps to prevent malicious developers from accessing your requests.
Table of Contents
- Use HTTPS
- Set Up Your Firewall
- Use a Token or Secure Key
- Enable HTTP Body Encryption
- Use Random Initialization Vector
Use HTTPS
Use (https://) instead of (http://) in your URL to ensure a more secure communication channel.
Set Up Your Firewall
Use the required firewall settings. See Firewall Settings.
Use a Token or Secure Key
You can add Basic Authentication to your webhook by selecting Authentication and adding a Username and a Password.
You can add API keys, Bearer tokens, or other forms of authentication protocols to the Header of the request by modifying the Headers section with key:value pairs.
When your server receives a request, but the authorization fails, send a response back with the HTTP response code ‘401 Unauthorized’.
Enable HTTP Body Encryption
You can enable encryption in the HTTP body. Many cipher methods are available.
For decryption, you need:
- The HTTP body (base64 encoded if encryption is enabled)
- The selected cipher method
- The secret key
- The iv (if you enabled random initialization vector)
Tip: For an example decryption code, see Processing Webhook Requests.
Note: If you enable encryption, you must set up a secret key for encryption and decryption.
Use Random Initialization Vector
Random initialization vector is a commonly used technique. To use this technique, use the “iv” URL parameter. See To Use Dynamic URLs section.
Example URL: https://your-url/resource?iv=${iv}
Note: If you disable it, an empty initialization vector is used instead.
Comments
Can’t find what you need? Use the comment section below to connect with others, get answers from our experts, or share your ideas with us.
There are no comments yet.