Webhook security


I’m setting up a webhook and was wondering what the best practice is to secure this?

Also is there a way to validate the incoming request ip/host with the validator ?

Thanks in advance!

1 Like

Hi @rolf

Thank you for getting in touch with us through the Alumio forum.

In order to validate the source IP address of the webhook request, you can use a Header Matcher to validate forwarded header with the value of for=IP_ADDRESS;proto=https. Please replace the IP_ADDRESS with the source IP address of the webhook request.

See the below screenshot as an example, where the IP address is stored in an environment variable called IP_ADDRESS_1.

Please give it a try and let us know if you find any problems.