# Security & Authentication for Webhooks When setting up webhooks in **Sentinel**, it’s important to implement your own authentication and security mechanisms, as there is currently no default authentication or custom headers sent in the webhook payloads. To ensure that only legitimate requests are accepted, we recommend adding an authentication key to your webhook URL. ## Adding an Authentication Key A simple and effective way to secure your webhook endpoint is by including an authentication key in the URL itself. For example: ``` https://api.example.com/api/v1/sentinelwebhook?auth=ABC_1234 ``` In this case, `ABC_1234` serves as the authentication token. On your server side, you can verify that the token matches the expected value before processing the webhook data. If the token is incorrect or missing, you can reject the request to prevent unauthorized access. ## Why Is This Important? Since **Sentinel** does not send any built-in authentication headers with webhook requests, it's critical to implement your own method of validation to prevent malicious actors from spoofing webhook events. By checking the `auth` parameter or similar custom keys, you can ensure that only authorized requests trigger actions on your systems. ## Best Practices for Securing Webhooks * **Use Strong Authentication Tokens:** Ensure that the `auth` key is complex and not easily guessable. * **Use HTTPS:** Always serve your webhook endpoint over HTTPS to encrypt communication and protect the authentication key from being intercepted. * **Validate Incoming Requests:** Check that the `auth` key matches the expected value before accepting or processing any webhook event. By following these practices, you can ensure that your webhook integration remains secure and that only authorized requests are processed. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://sentineldocs.metatable.dev/webhooks/security-and-authentication-for-webhooks.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.