Setting up Event-Based Notifications with Webhooks
Set up event-based notifications in order to subscribe third-party applications to important events captured by the SecureAuth platform, such as Open Banking consents or data access requests. As a developer, you can also consume the Webhook CRUD APIs.
Create a Webhook for Event-based Notifications
Go to Extensions > Webhooks.
Select Create Webhook. Fill in the necessary data:
Field
Description
URL
Address to send the notification to (for example, the logging endpoint URL)
Subscribed events
Select events which trigger the notification from the list. Keep in mind that events are specific to the workspace type.
Select Create to confirm. Copy the API key when notified - this API key is always sent with the outbound SecureAuth request so that you can use it to protect the target server.
Your webhook is created. Event-based notifications should now be triggered in this workspace. If you want to disable certificate validation when sending requests from SecureAuth, activate the Developer mode.
Hardening
Each webhook invocation contains an HTTP header X-API-Key
with a unique value of Webhook API Key (presented in the last step of the previous section). Your logging solution should check this key, so that only those requests with the correct value are accepted.
The following snippet represents such check as minimal nginx server:
server { listen 80; server_name <public url of the logging solution>; location / { if ($http_x_api_key != '<webhook api key>') { return 403; } proxy_pass http://<backend url of the loggin solution>; } }