Authenticating Webhooks
Last updated
Last updated
This feature ensures secure communication between Agency Handy and external systems. By setting up authentication, you can protect data transmission and ensure that only authorized endpoints receive webhook data.
Security: Protect sensitive data from unauthorized access.
Reliability: Ensure that webhook data is only sent to and received by authorized endpoints.
Compliance: Meet security and compliance requirements for data transmission.
We highly recommend verifying the webhooks that you receive in your endpoint. You can verify the webhook in the following way:
POST
/api/v1/webhooks/verify-signature
Headers (required)
Name | Value |
---|---|
Body(required)
Name | Type | Description |
---|---|---|
You can find webhookId after you have created a webhook.
You can get the webhook signature from the request header named.
x-ah-sig
You can get the webhook secret after you have created a webhook. You can find the payload in the request body on the sidebar webhook secret.
Response
Example:
Token Management: Keep the token secure and change it periodically to maintain security.
Endpoint Security: Ensure the endpoint URL is secure and can validate the token.
Regular Monitoring: Monitor the webhook activity to detect any unauthorized access attempts.
Documentation: Maintain a record of the authentication tokens and their corresponding endpoints for reference and troubleshooting.
Content-Type
application/json
webhookId
string
Webhook Id
signature
string
signature of the webhook
secret
string
webhook secret
payload
object
webhook payload