API Reference
API StatusGet API KeysRoadmapHelp

Webhook Settings

Add an extra layer of security to your webhook events.

Webhook Security

To prevent unauthorized users from posting content to your webhook, customers can enable adding an Authorization header to the requests sent through the Dashboard.

To enable additional security for your webhooks:

  1. Open the Dashboard™ and log in.
  2. In the left sidebar navigation menu, go to Developers > Webhooks.
  3. Expand the Authorization Header menu.
  4. Select the Bearer and enter the required information. By default, No Authorization is selected.
Enable Authorization header for webhooks. Click to Expand.

Enable Authorization header for webhooks. Click to Expand.

Bearer Authorization

We support Bearer tokens as an Authorization header in webhook responses.

Railz webhook bearer authorization flow. Click to Expand.

Our webhook bearer authorization flow. Click to Expand.

🚧

  • You will need to provide us with a public API endpoint that accepts Basic authentication using a username and password.
  • Authorization header in webhook request will have content-type as application/x-www-form-urlencoded.
Railz Bearer Authorization header. Click to Expand.

Webhook Bearer Authorization header. Click to Expand.

FieldValid values
Access Token URLA valid GET or POST API endpoint URL.
UsernameBasic Auth username.
PasswordBasic Auth password.
Token Response FieldThe name of the parameter in the provided API endpoint response that contains the access token.
Body Parameters (optional)Add up to 5 unique body parameters to include in your authentication endpoint request.
Header Parameters (optional)Add up to 5 unique header parameters to include in your authentication endpoint request.

Reserved Header Parameter Names

Railz-Signature, Railz-API-Version, content-type and authorization are reserved header parameter names and can't be added.

Request Parameter Name

To help you identify the webhooks sent by us, we've added the ability to add a parameter label to specify the name of the request identifier 'requestId'. The new value The parameter can have the following values:

  1. The new value will be passed along with 'requestId'
  2. Name must be greater than or equal to 2 characters and less than 40 characters.
  3. The new parameter name cannot be named 'requestId' not 'data'
  4. The following characters are allowed: letters, numbers, "-" & "_"