Webhooks Security
Ensuring secure communication between your application and Mergent is essential. There are several layers of security and validation that you can build into your web application for handling Mergent webhooks - let's review each of these.

HTTP Authentication

Mergent supports HTTP authentication of all types. Some examples:

Basic Authentication

When creating a Task, set the request headers to include: { "Authorization": "Basic ..." }

Bearer Authentication

When creating a Task, set the request headers to include: { "Authorization": "Bearer ..." }

Validating Origin Signatures

Mergent will sign all inbound requests to your application with an X-Mergent-Signature HTTP header. Mergent uses the request body sent in the webhook to create this signature. The signature uses the HMAC-SHA1 hashing algorithm with your Mergent account's auth token as the secret key.
Both libraries have support for this built into the RequestValidator.
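
If you are not using the RequestValidator, the check described above can be done by hand. The following is an added example, not code from Mergent or its libraries: the function names are hypothetical, and because this page does not state how the header value is encoded, the code assumes hex or base64 and accepts either.

```python
import base64
import binascii
import hashlib
import hmac


def compute_signature(auth_token: str, raw_body: bytes) -> bytes:
    """HMAC-SHA1 of the exact request body bytes, keyed with the auth token."""
    return hmac.new(auth_token.encode("utf-8"), raw_body, hashlib.sha1).digest()


def _decode_candidates(header_value: str):
    """Yield the header decoded as hex and as base64 (the encoding is assumed)."""
    value = header_value.strip()
    try:
        yield bytes.fromhex(value)
    except ValueError:
        pass
    try:
        yield base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError):
        pass


def is_valid_signature(auth_token: str, raw_body: bytes, header_value) -> bool:
    """Return True only if X-Mergent-Signature matches the body that was received."""
    if not header_value:
        return False  # unsigned requests are rejected, never passed through
    expected = compute_signature(auth_token, raw_body)
    matched = False
    for candidate in _decode_candidates(header_value):
        # compare_digest avoids leaking the match position through timing
        matched |= hmac.compare_digest(candidate, expected)
    return matched


if __name__ == "__main__":
    token = "constructed-auth-token"          # constructed sample, not a real token
    body = b'{"task":"constructed-example"}'  # constructed sample body
    header = compute_signature(token, body).hex()
    print(is_valid_signature(token, body, header))         # True
    print(is_valid_signature(token, body + b" ", header))  # False
```

Run the check on the raw bytes received, before any JSON parsing: a re-serialized body can differ byte for byte from what was signed and will fail validation.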

Encryption

Encrypting the request body when creating a Task is possible. See https://docs.mergent.co/guides/encrypting-tasks