> ## Documentation Index
> Fetch the complete documentation index at: https://docs.mergent.co/llms.txt
> Use this file to discover all available pages before exploring further.

# Webhooks Security

> Learn to implement security for your incoming webhooks with HTTP authentication and origin signature validation

## HTTP Authentication / Authorization

Because Mergent allows you to set the request headers, it's easy to use standard or custom headers per request. Some common examples:

**Basic Authentication**

When creating a Task, set the request headers to include `{"Authorization": "Basic ..."}`.

**Bearer Authentication**

When creating a Task, set the request headers to include `{"Authorization": "Bearer ..."}`.

## Validating Origin Signatures

Mergent signs all Task/Schedule HTTP requests with the `X-Mergent-Signature` header. This signature is an HMAC-SHA1 hash of the request body signed by your project's API key.

Mergent libraries have support for validating this signature built in.

**JavaScript:**

```typescript
const validator = new RequestValidator("your project's API key");
validator.validateSignature("request body", "the value of X-Mergent-Signature");
```

**Ruby:**

```ruby
validator = Mergent::RequestValidator.new("your project's API key")
validator.valid_signature?("request body", "the value of X-Mergent-Signature")
```