Webhook Authentication

Webhooks use authentication to securely integrate with their destination systems. This article describes the supported types of authentication and how to configure authentication.

Webhook authentication

Webhooks offer three authentication methods: API key, basic, and bearer token. Always use these authentication methods over HTTPS (TLS). For webhooks without authentication, simply exclude the authentication field from the request.

At Ironclad, it is possible to create and retrieve webhooks in the UI and through the API. To learn more about interacting with webhooks through the API visit the tutorial here.

Note: GET /webhooks redacts Authorization headers.

Reference for adding Authorization in User Interface

In the Ironclad UI go to Company Settings -> API -> Webhooks -> "Create a Webhook"

API key authentication

API POST Webhook Example

 POST /webhooks: Example request body

{  
    "events": [  
        "workflow_attribute_updated" //sample event 
    ],  
    "targetURL": "[WEBHOOK_TARGET_URL]",
    "headers": {
        "Authorization": "[WEBHOOK_API_AUTH_TOKEN]"
    }  
}

Webhook UI Example

Basic authentication

In order to use Basic authentication with our webhook authentication you need to have an encoded base 64 value of your credentials. We will refer to these as [WEBHOOK_BASIC_AUTH_BASE_64_ENCODED]

Please follow the steps here to generate an encoded basic auth.

API POST Webhook Example

{  
    "events": [  
        "workflow_attribute_updated" //sample event 
    ],  
    "targetURL": "[WEBHOOK_TARGET_URL]",
    "headers": {
       "Authorization": "Basic [WEBHOOK_BASIC_AUTH_BASE_64_ENCODED]"
    }  
}


Webhook UI Example

Bearer authentication

API POST Webhook Example

{  
    "events": [  
        "workflow_attribute_updated" //sample event 
    ],  
    "targetURL": "[WEBHOOK_TARGET_URL]",
    "headers": {
        "Authorization": "Bearer [WEBHOOK_BEARER_TOKEN]"
    }  
}


Webhook UI Example

Troubleshooting Errors

Once a webhook is configured it should appear in the main webhooks page. You can troubleshoot configuration and authentication issues in the Company Settings -> Errors page. More information is available here.