Was this article helpful?
Thanks for your feedback
Webhooks are an ideal way to send information automatically to an external application. However, it is critical to ensure that the receiving app or server validates the source before accepting requests. To avoid potential security threats, users can secure your webhooks.
Contentstack offers three highly recommended security measures that you can implement when setting up a webhook. These are “Basic Authentication,” “Custom Headers,” and “IP Whitelisting”.
Let’s look at the ways you can secure your webhook event data.
Basic authentication
When setting up a webhook, Basic Authentication, i.e., Basic Auth, allows users to set a username and password associated with your HTTP endpoint. With this method, your basic auth field values are included in the header of the HTTP request.
To set this method, go to SETTING > Webhooks. Here, you can add the basic auth details by providing the values for the following fields:
- HTTP basic auth username
- HTTP basic auth password
Now, your URL is secure with the above basic auth username and password.
Custom Headers
As an additional method of security, you can specify custom headers that Contentstack will use while sending the payload to the specified endpoint. Custom Headers give the destination application an option to authenticate your webhook requests, and reject any that do not contain these custom headers.
Custom headers are key-value parameters that you send/receive in the header of each call of your notifying URL.
To set this method, log in to your Contentstack account, go to your stack, and perform the following steps:
- Click on the “Settings” icon (press “S”) on the left navigation panel.
- Click on Webhooks (press “alt + W” for Windows OS, and “option + W” for Mac OS). Here, you can add custom headers by providing the values for the following fields under ‘Custom headers’:
- Key
- Value
Note: You can set multiple custom header key-value pairs.
IP Whitelisting with Contentstack
IP whitelisting is another security feature that gives only an approved list of IP addresses the permission to access your domain(s).
To protect your domain from potential attacks, Contentstack will provide you with a specific set of IP addresses that you can whitelist. This will allow you to limit and control access only to trusted IPs and lets you verify whether the data is sent from Contentstack.
To receive the Contentstack IPs, contact our Support team today.
Additional Resource: You can also read on how to Pass Contentstack Webhooks through Firewall, in our detailed documentation.
