Security & Authentication for Webhooks

When setting up webhooks in Sentinel, it’s important to implement your own authentication and security mechanisms, because Sentinel currently sends no default authentication and no custom headers with webhook requests. To ensure that only legitimate requests are accepted, we recommend adding an authentication key to your webhook URL.

Adding an Authentication Key

A simple and effective way to secure your webhook endpoint is by including an authentication key in the URL itself. For example:

https://api.example.com/api/v1/sentinelwebhook?auth=ABC_1234

In this case, ABC_1234 serves as the authentication token. On your server side, you can verify that the token matches the expected value before processing the webhook data. If the token is incorrect or missing, you can reject the request to prevent unauthorized access.

Why Is This Important?

Since Sentinel does not send any built-in authentication headers with webhook requests, it's critical to implement your own method of validation to prevent malicious actors from spoofing webhook events. By checking the auth parameter or similar custom keys, you can ensure that only authorized requests trigger actions on your systems.

Best Practices for Securing Webhooks

  • Use Strong Authentication Tokens: Ensure that the auth key is complex and not easily guessable.

  • Use HTTPS: Always serve your webhook endpoint over HTTPS to encrypt communication and protect the authentication key from being intercepted.

  • Validate Incoming Requests: Check that the auth key matches the expected value before accepting or processing any webhook event.

By following these practices, you can ensure that your webhook integration remains secure and that only authorized requests are processed.
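The server-side check described above, sketched as an added example (not Sentinel's own code) using only the Python standard library. The environment variable `SENTINEL_WEBHOOK_TOKEN`, the helper names `new_token` and `is_authorized`, the loopback port, and a TLS-terminating reverse proxy in front of the listener are assumptions made for illustration.

```python
import hmac
import os
import secrets
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, urlsplit

# Assumption: the expected token is provisioned through an environment variable.
EXPECTED_TOKEN = os.environ.get("SENTINEL_WEBHOOK_TOKEN", "")


def new_token() -> str:
    """Generate an unguessable token (32 random bytes from the OS CSPRNG)."""
    return secrets.token_urlsafe(32)


def is_authorized(request_target: str, expected: str) -> bool:
    """True only if exactly one auth parameter is present and matches."""
    if not expected:  # fail closed when no token is configured
        return False
    query = parse_qs(urlsplit(request_target).query, keep_blank_values=True)
    values = query.get("auth", [])
    if len(values) != 1:  # missing, or repeated and therefore ambiguous
        return False
    # Constant-time comparison avoids leaking the token through timing.
    return hmac.compare_digest(values[0].encode(), expected.encode())


class WebhookHandler(BaseHTTPRequestHandler):
    def do_POST(self):
        if urlsplit(self.path).path != "/api/v1/sentinelwebhook":
            self.send_error(404)
            return
        if not is_authorized(self.path, EXPECTED_TOKEN):
            self.send_error(401)  # reject before reading the body
            return
        length = int(self.headers.get("Content-Length", 0))
        payload = self.rfile.read(length)  # hand off to event processing here
        self.send_response(204)
        self.end_headers()

    def log_message(self, fmt, *args):
        # The default access log prints the request line, token included.
        pass


if __name__ == "__main__":
    # Loopback only; HTTPS is assumed to terminate at a reverse proxy.
    HTTPServer(("127.0.0.1", 8080), WebhookHandler).serve_forever()
```

Because the key travels in the URL, apply the same log redaction at any proxy or load balancer that records request lines.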
