You can take a few extra steps to prevent malicious developers accessing your requests.
Table of Contents
- Use HTTPS
- Set Up Your Firewall
- Use a Token or Secure Key
- Enable HTTP Body Encryption
- Use Random Initialization Vector
Use (https://) instead of (http://) in your URL to ensure a more secure communication channel.
Set Up Your Firewall
Use the required firewall settings. See Firewall Settings.
Use a Token or Secure Key
In the URL, add a secret key to all requests received via a Webhook, for example:
When your server receives a request, but the authorization fails, send a response back with the HTTP response code ‘401 Unauthorized’.
Enable HTTP Body Encryption
You can enable encryption in the HTTP body. Many cipher methods are available.
For decryption, you need:
- The HTTP body (base64 encoded if encryption is enabled)
- The selected cipher method
- The secret key
- The iv (if you enabled random initialization vector)
Tip: For an example decryption code, see Processing Webhook Requests.
Note: If you enable encryption, you must set up a secret key for encryption and decryption.
Use Random Initialization Vector
Note: If you disable it, an empty initialization vector is used instead.