Securing Requests
You can take a few extra steps to prevent malicious developers accessing your requests.
Table of Contents
- Use HTTPS
- Set Up Your Firewall
- Use a Token or Secure Key
- Enable HTTP Body Encryption
- Use Random Initialization Vector
Use HTTPS
Use (https://) instead of (http://) in your URL to ensure a more secure communication channel.
Set Up Your Firewall
Use the required firewall settings. See Firewall Settings.
Use a Token or Secure Key
In the URL, add a secret key to all requests received via a Webhook, for example: https://your-url/resource?secret-key=xxxxxxxxxxxxxx.
When your server receives a request, but the authorization fails, send a response back with the HTTP response code ‘401 Unauthorized’.
Enable HTTP Body Encryption
You can enable encryption in the HTTP body. Many cipher methods are available.
For decryption, you need:
- The HTTP body (base64 encoded if encryption is enabled)
- The selected cipher method
- The secret key
- The iv (if you enabled random initialization vector)
Tip: For an example decryption code, see Processing Webhook Requests.
Note: If you enable encryption, you must set up a secret key for encryption and decryption.
Use Random Initialization Vector
Random initialization vector is a commonly used technique. To use this technique, use the “iv” URL parameter. See To Use Dynamic URLs section.
Example URL: https://your-url/resource?iv=${iv}
Note: If you disable it, an empty initialization vector is used instead.
Comments
Can’t find what you need? Use the comment section below to connect with others, get answers from our experts, or share your ideas with us.
There are no comments yet.