Authentication
Webhooks offers the following authentication mechanisms.
Header
Useful for presenting API Key + API Secret.
OAuth
- The webhooks engine performs a client credentials flow with the configured client credentials to obtain a bearer token.
- This bearer token is included in the request header as
Authorization: Bearer @TOKEN@
. - If a 401 or 403 is returned from the API endpoint, the token is discarded.
- The obtained access token is cached and used across several requests.
- More than one access token can be in use at the same time.
MTLS
Use a configured personal certificate as the means of establishing an authenticated TLS session.
Basic
According to
RFC 7617.