Concepts
Webhooks Security
Learn to implement security for your incoming webhooks with HTTP authentication and origin signature validation
HTTP Authentication / Authorization
Because Mergent allows you to set the request headers, it’s easy to use standard or custom headers per request. Some common examples:
Basic Authentication
When creating a Task, set the request headers to include {"Authorization": "Basic ..."}
.
Bearer Authentication
When creating a Task, set the request headers to include {"Authorization": "Bearer ..."}
.
Validating Origin Signatures
Mergent signs all Task/Schedule HTTP requests with the X-Mergent-Signature
header. This signature is an HMAC-SHA1 hash of the request body signed by your project’s API key.
Mergent libraries have support for validating this signature built in.
JavaScript:
const validator = new RequestValidator("your project's API key");
validator.validateSignature("request body", "the value of X-Mergent-Signature");
Ruby:
validator = Mergent::RequestValidator.new("your project's API key")
validator.valid_signature?("request body", "the value of X-Mergent-Signature")
Was this page helpful?