serverless webhook support secret?
serverless webhook get status should set secret, otherwise anyone can change my db.
6 Replies
you can embed secret into your webhook
How to embed?
Solution
you can use url query params
ok thanks ,is it such as webhook: https:mywebhookurl?secret=publickey?
yes
Just be aware that query params can be logged/viewed.
If you data is sensitive, another way could be to expose the private key as an env var in your serverless. Then, sign each webhook response and pass the signature along with the response. Your backend would have the same private key so can validate the signature.
I haven't tested it but it should work.