This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 

Webhooks security

cpatel
Deputy Chef I
Deputy Chef I

โ€Ž03-14-2022 04:47 PM

Are there any posts/documents/guides on how we can secure the data being sent by other systems to webhooks.

I am trying to configure webhook and listen to trigger from sailpoint and using this: https://docs.workato.com/connectors/workato-webhooks but I do not see how the data being sent from sailpoint to workato would be protected. Any information on how to protect the transportation of data?

3 REPLIES 3

jblanchett
Deputy Chef III
Deputy Chef III

โ€Ž03-14-2022 04:51 PM

If the webhook provider provides a form of signature, like HMAC signature, you can create a callable recipe to confirm the signature before processing the webhook. Otherwise, you may want to look into using API endpoints and use API authentication and/or IP whitelisting

0 Kudos

cpatel
Deputy Chef I
Deputy Chef I
In response to jblanchett

โ€Ž03-14-2022 05:08 PM

Webhook provider has quite limited capabilites but I was thinking of using api end points but again there are limitations of what authentication options available on sailpoint side. I just wanted to know how others are handling it and looks like they don't protect what's not important and use some methods if protection needed.

Some kind of response from community is really helpful to confirm my own understanding which I get from workato documentation , specially in this remote world.

0 Kudos

jblanchett
Deputy Chef III
Deputy Chef III

โ€Ž03-14-2022 05:01 PM

If the webhook doesn't contain anything sensitve, and it just triggers you to go do something, like download a report, then that's fine you don't really need to authenticate the webhook in anyway. Just don't send any requests to a URL provided by the webhook. Use the parameters and such, but don't use the entire URL as it may be a bad one.

Copyright © 2024 Khoros, LLC