Webhooks are an ideal way to send information automatically to an external application. However, it is critical to ensure that the receiving app or server validates the source before accepting requests. To avoid potential security threats, you can secure your webhooks.
Contentstack offers three highly recommended security measures that you can implement when setting up a webhook. These are “Basic Authentication,” “Custom Headers,” and “IP Whitelisting”.
Let’s look at the ways you can secure your webhook event data.
When setting up a webhook, Basic Authentication (Basic Auth) lets you set a username and password associated with your HTTP endpoint. With this method, your basic auth field values are included in the header of the HTTP request.
To set this method, go to SETTING > Webhooks. Here, you can add the basic auth details by providing the values for the following fields:
Now, your URL is secure with the above basic auth username and password.
As an additional method of security, you can specify custom headers that Contentstack will use while sending the payload to the specified endpoint. Custom Headers give the destination application an option to authenticate your webhook requests, and reject any that do not contain these custom headers.
Custom headers are key-value parameters sent in the header of each call to your notifying URL.
To set this method, go to SETTING > Webhooks. Here, you can add custom headers by providing the values for the following fields under ‘Custom headers’:
Note: You can set multiple custom header key-value pairs.
IP whitelisting is another security feature that permits only an approved list of IP addresses to access your domain(s).
To protect your domain from potential attacks, Contentstack will provide you with a specific set of IP addresses that you can whitelist. This allows you to limit access to trusted IPs only and lets you verify whether the data is sent from Contentstack.
To receive the Contentstack IPs, contact our Support team today.