Mergent
Home
Search…
Overview
Tasks
Quick Start
Scheduling Tasks
Request Failures & Retries
Viewing Task History
Request Timeouts
Webhooks Security
Localhost Dev & Webhooks
Schedules
Quick Start
Schedule Types
Request Failures & Retries
Client Libraries
JavaScript / TypeScript
Ruby
Example Implementations
API
Authentication
Errors
Rate Limits
API Reference
API Status
Guides
Encrypting Data
Use Cases
Send External Requests
Powered By GitBook
Webhooks Security
Ensuring secure communication between your application and Mergent is essential. There are several layers of security and validation that you can build into your web application for handling Mergent webhooks.

Validating Origin Signatures

Mergent signs all Task/Schedule HTTP requests with the X-Mergent-Signature header. This signature is an HMAC-SHA1 hash of the request body signed by your project's API key.
Mergent libraries have support for validating this signature built in.
JavaScript:
const validator = new RequestValidator("your project's API key");
validator.validateSignature("request body", "the value of X-Mergent-Signature");
Ruby:
validator = Mergent::RequestValidator.new("your project's API key")
validator.valid_signature?("request body", "the value of X-Mergent-Signature")

HTTP Authentication / Authorization

Because Mergent allows you to set the request headers, it's easy to use standard or custom headers per request. Some common examples:

Basic Authentication

When creating a Task, set the request headers to include: { "Authorization": "Basic ..." }

Bearer Authentication

When creating a Task, set the request headers to include: { "Authorization": "Bearer ..." }

Encryption

Encrypting the request body when creating a Task is possible. See https://docs.mergent.co/guides/encrypting-tasks
Tasks - Previous
Request Timeouts
Next - Tasks
Localhost Dev & Webhooks
Last modified 1d ago
Copy link
On this page
Validating Origin Signatures
HTTP Authentication / Authorization
Encryption