Mergent
Search…
Overview
**Need Help?**
Tasks
Quick Start
Scheduling Tasks
Request Failures & Retries
Viewing Task History
Task Failure Notifications
Request Timeouts
Webhooks Security
Localhost Dev & Webhooks
Schedules
Quick Start
Schedule Types
Request Failures & Retries
Client Libraries
JavaScript / TypeScript
Ruby
Example Implementations
API
Authentication
Errors
Rate Limits
API v1 vs. v2
API Reference
API Status
Product
Roadmap
Guides
Encrypting Data
Use Cases
Send External Requests
Powered By GitBook
Webhooks Security
Ensuring secure communication between your application and Mergent is essential. There are several layers of security and validation that you can build into your web application for handling Mergent webhooks - let's review each of these.

HTTP Authentication

Mergent supports HTTP authentication of all types. Some examples:

Basic Authentication

When creating a Task, set the request headers to include: { "Authorization": "Basic ..." }

Bearer Authentication

When creating a Task, set the request headers to include: { "Authorization": "Bearer ..." }

Validating Origin Signatures

Mergent will sign all inbound requests to your application with an X-Mergent-Signature HTTP header. Mergent uses the request body sent in the webhook to create this signature. The signature uses the HMAC-SHA1 hashing algorithm with your Mergent account's auth token as the secret key.
Both libraries have support for this built into the RequestValidator.

Encryption

Encrypting the request body when creating a Task is a possible. See https://docs.mergent.co/guides/encrypting-tasks
Tasks - Previous
Request Timeouts
Next - Tasks
Localhost Dev & Webhooks
Last modified 3mo ago
Copy link
Contents
HTTP Authentication
Validating Origin Signatures
Encryption