Authentication

Webhooks offers the following authentication mechanisms.

Header

Useful for presenting API Key + API Secret.

OAuth

  • The webhooks engine performs a client credentials flow with the configured client credentials to obtain a bearer token.
  • This bearer token is included in the request header as Authorization: Bearer @TOKEN@.
  • If a 401 or 403 is returned from the API endpoint, the token is discarded.
  • The obtained access token is cached and used across several requests.
  • More than one access token can be in use at the same time.

MTLS

Use a configured personal certificate as the means of establishing an authenticated TLS session.

Basic

According to

RFC 7617.