Add an extra layer of security to your webhook events.
Webhook Security
To prevent unauthorized users from posting content to your webhook, customers can enable adding an Authorization header to the requests sent through the Railz Dashboard.
To enable additional security for your webhooks:
- Open the Railz Dashboard™ and log in.
- In the left sidebar navigation menu, go to Developers > Webhooks.
- Expand the Authorization Header menu.
- Select the Bearer and enter the required information. By default, No Authorization is selected.
Enable Authorization header for webhooks. Click to Expand.
Bearer Authorization
Railz supports Bearer tokens as an Authorization header in webhook responses.
Railz webhook bearer authorization flow. Click to Expand.
- You will need to provide us with a public API endpoint that accepts Basic authentication using a username and password.
- Authorization header in webhook request will have
content-typeasapplication/x-www-form-urlencoded.
Railz Bearer Authorization header. Click to Expand.
| Field | Valid values |
|---|---|
| Access Token URL | A valid GET or POST API endpoint URL. |
| Username | Basic Auth username. |
| Password | Basic Auth password. |
| Token Response Field | The name of the parameter in the provided API endpoint response that contains the access token. |
| Body Parameters (optional) | Add up to 5 unique body parameters to include in your authentication endpoint request. |
| Header Parameters (optional) | Add up to 5 unique header parameters to include in your authentication endpoint request. |
Reserved Header Parameter Names
Railz-Signature,Railz-API-Version,content-typeandauthorizationare reserved header parameter names and can't be added.
Request Parameter Name
To help you identify the webhooks sent by Railz, we've added the ability to add a parameter label to specify the name of the request identifier 'requestId'. The new value The parameter can have the following values:
- The new value will be passed along with 'requestId'
- Name must be greater than or equal to 2 characters and less than 40 characters.
- The new parameter name cannot be named 'requestId' not 'data'
- The following characters are allowed: letters, numbers, "-" & "_"