You can now configure your app webhooks to use an authenticated server instead of a plain URL. While these requests have always been signed—which lets you tell if some imposter sent the notification instead of Front—they now can be authenticated, too.
When you set up application webhooks with a server, customers will supply unique credentials when installing your published app:
- Allowing your webhook server to identify exactly which customer each event pertains to
- Meeting enterprise security requirements
One thing to note: Webhooks will fail to send if customers skip the Authentication tab during install, so make sure your setup guide tells them to complete it.
Check out our webhooks documentation to get started.