Enhance the security of our webhook endpoint

Dear Keap Support,

I hope this message finds you well. I am currently integrating Keap with our system, and I have a few questions regarding webhook security.

We would like to enhance the security of our webhook endpoint by requiring a custom token for authentication. Could you please let us know if it is possible to include a custom token in the webhook payload or headers when Keap emits an event and calls our webhook endpoint? Specifically, we would like to provide a token that Keap can include in the webhook requests to ensure that only requests with this token are accepted by our system.

If this feature is not currently supported, do you have any recommendations for securely validating the webhook requests from Keap to prevent unauthorized access?

Thank you for your assistance.

Best regards,

Good morning Daniel!

One way that you could go about that is to have your resthook receiver endpoint configured with a key in the resource. For instance, given the following endpoint:
https://site.com/webhooks/keap

Then you could map on your end a parameter in the endpoint logic:
https://site.com/webhooks/keap/{key}

When you go to subscribe to a webhook, you would then specify the full URL including the key as the subscription:
https://site.com/webhooks/keap/abc123
which would then provide a key of abc123 to your endpoint controller on each sent payload for validation of the message.


I have seen people use the strategy @TomScott mentioned, but using a query param.


Ok thank you!

Awesome, thank you!
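The key-in-URL check suggested in the replies above, covering both the path form and the query-parameter form, written as an added example (not code from Keap or from any poster in this thread). It compares the key in constant time and produces a log-safe request target, since a secret carried in a URL otherwise ends up in access logs. Assumptions: a plain WSGI handler, a query parameter named `key`, and the helper names `extract_key`, `key_is_valid`, `redact` and `new_key`.

```python
import hmac
import secrets
from urllib.parse import parse_qs

# Assumption: the shared key is stored server-side; "abc123" is the sample
# value from the thread, used here only so the example is runnable.
EXPECTED_KEY = "abc123"
PREFIX = "/webhooks/keap"  # path from the thread's example URL

def extract_key(path, query):
    """Return the key from /webhooks/keap/{key} or ?key=..., else None."""
    if path.startswith(PREFIX + "/"):
        candidate = path[len(PREFIX) + 1:]
        if candidate and "/" not in candidate:
            return candidate
    if path == PREFIX:
        values = parse_qs(query).get("key", [])
        if len(values) == 1:  # reject a repeated key parameter
            return values[0]
    return None

def key_is_valid(presented, expected=EXPECTED_KEY):
    """Constant-time comparison so response timing does not leak the key."""
    if presented is None:
        return False
    return hmac.compare_digest(presented.encode(), expected.encode())

def redact(path, query):
    """Log-safe request target: the key itself never reaches log files."""
    if path.startswith(PREFIX + "/"):
        path = PREFIX + "/[REDACTED]"
    return path + ("?[REDACTED]" if query else "")

def app(environ, start_response):
    """WSGI handler: accept the payload only when the URL key matches."""
    path, query = environ.get("PATH_INFO", ""), environ.get("QUERY_STRING", "")
    ok = environ.get("REQUEST_METHOD") == "POST" and key_is_valid(extract_key(path, query))
    if not ok:  # same response for every failure, so the route is not confirmed
        start_response("404 Not Found", [("Content-Type", "text/plain")])
        return [b"not found"]
    # Key accepted: the application's own payload handling runs from here.
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"ok"]

def new_key():
    """Generate an unguessable key to subscribe with, instead of a short one."""
    return secrets.token_urlsafe(32)
```

Subscribe with the full URL containing the output of `new_key()`, serve the endpoint over HTTPS only, and log `redact(path, query)` rather than the raw request line.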