Webhook Security

To ensure a secure integration of webhooks with your custom implementation or the third-party provider, we propose the following safety measures.

Only allow HTTPS requests

freispace will only send webhook requests over HTTPS and check that endpoints have a valid SSL certificate.

Ensure to block any non-secure HTTP requests on the receiving end.

Ensure validity using HMAC

All requests are signed with HMAC using the sha256 algorithm. Check any incoming webhook's validity using the pre-shared key.