Securing your webhooks – Signed notification
Since the launch of Hapio, the system has consistently supported webhooks. These webhooks simplify your integrations by allowing your systems to react to various events within Hapio. Now, these webhooks have become even more secure.
Each webhook notification request sent from Hapio to your system is now signed. These signatures allow you to easily and effectively verify that the request originated from Hapio, and not from a malicious attacker. The signatures are also timestamped, protecting against replay attacks. In a replay attack, an attacker records a valid request and later re-transmits it, and by checking the signature timestamp you can make sure that it is not an old request.
You can read more about the technical details of these signatures in the documentation. From there, you can get started with the process of validating the webhook notification requests you receive.
Author
