Webhook alerts: adding an authentication token

When an incident is detected by a robot, you can take immediate action by developing scripts that will be triggered by Webhook.

Webhooks Security

Until today, security was based on the fact that the URLs you set up were “hidden”. However, the importance of the tasks performed by these scripts could be major (service restart, process stop…) we felt that this was not enough.

We want to provide you with a high level of security without sacrificing the simplicity of configuration to which we are committed.

Authentication token

Based on the realization that we could significantly improve the security of Webhooks, we have modified their operation by adding a new parameter.

This parameter named Hitflow-Webhook-Token is located in the request header and allows you to verify the legitimacy of the sender.

The authentication token will be generated when you add one (or more) Webhook URL(s) to a contact, a unique token will be generated.

As a reminder, the Webhook token of a contact can be retrieved by going to the contact edit form, in the “Alert settings” section, in the line “Webhook authentication token”.

Other evolutions such as a “user/password” type authentication are under study and may be available soon.