From ca0584eb26dabf987cb13d7bfb9a387a521d5ee4 Mon Sep 17 00:00:00 2001 From: Alexandre Bodin Date: Fri, 10 Jan 2020 12:24:34 +0100 Subject: [PATCH] Add default secure webhooks doc Signed-off-by: Alexandre Bodin --- docs/3.0.0-beta.x/concepts/webhooks.md | 43 ++++++++++++++++++++++++-- 1 file changed, 40 insertions(+), 3 deletions(-) diff --git a/docs/3.0.0-beta.x/concepts/webhooks.md b/docs/3.0.0-beta.x/concepts/webhooks.md index 40861dea26..dcdaed5f8c 100644 --- a/docs/3.0.0-beta.x/concepts/webhooks.md +++ b/docs/3.0.0-beta.x/concepts/webhooks.md @@ -159,14 +159,51 @@ This event is triggered only when you delete a media through the media interface } ``` -## Securing your webhooks - -## Developer use +## Developer documentation ### Architecture ![Webhooks architecture diagram](../assets/concepts/diagram-architecture.png) +### Securing your webhooks + +Most of the time, webhooks make request to publicly avaialble URLs, therefore it is possible that someone find that URL and send it wrong informations. + +To prevent this from happening you can send a header with an authentication token. Using the Admin panel you would have to do it for every webhook. +Another way is to define `defaultHeaders` to add to every webhook requests. + +You can configure those global headers by updating the file at `./config/environments/{env}/server.json`: + +:::: tabs + +::: tab "Simple token" + +```json +{ + "webhooks": { + "defaultHeaders": { + "Authroization": "Bearer my-very-secured-token" + } + } +} +``` + +::: + +::: tab "Environment variable" + +```json +{ + "webhooks": { + "defaultHeaders": { + "Authroization": "Bearer ${ process.env.WEBHOOK_TOKEN }" + } + } +} +``` + +:::: + ### Available configurations ### Programmatic use