Webhook security
Securing your webhook to prevent unauthorized use
This page describes the functionality of our legacy webhookWebhook An automated notification sent from Codat to your application when specific events occur, such as when data syncs complete or connections change status. offering. Learn more about our new webhookWebhook An automated notification sent from Codat to your application when specific events occur, such as when data syncs complete or connections change status. service and see how you can migrate to use it instead.
To prevent unauthorized users from posting content to your webhookWebhook An automated notification sent from Codat to your application when specific events occur, such as when data syncs complete or connections change status., Codat can add an Authorization header to the requests sent. You can set this up either via the Codat portal or APIAPI A set of rules and protocols that allows different software applications to communicate with each other. Codat provides APIs for accessing financial data from accounting, banking, and commerce platforms..
Enable webhookWebhook An automated notification sent from Codat to your application when specific events occur, such as when data syncs complete or connections change status. security in the Codat portal
To enable security for your organization's webhooksWebhook An automated notification sent from Codat to your application when specific events occur, such as when data syncs complete or connections change status..
- Sign in to the Codat Portal.
- Select Settings > WebhooksWebhook An automated notification sent from Codat to your application when specific events occur, such as when data syncs complete or connections change status. > Security.
- Select the authorization method you're interested in and enter the required information. By default, No Authorization is selected so security is turned off.
| Authorization method or scheme | Description |
|---|---|
| Basic | A base-64 encoded username and password are added to the authorization header of the HTTP request. |
| Bearer | A custom value or token is added to the authorization header. |
To enable webhookWebhook An automated notification sent from Codat to your application when specific events occur, such as when data syncs complete or connections change status. security, use any valid header value in ASCII in the alertAuthHeader. For example:
PUT <https://api.codat.io/profile>
{
"name": "Client Name"
"logoUrl": "https://logo.png"
"iconUrl": "https://icon.ico"
"redirectUrl": "https://link.com/complete"
"apiKey": "API-KEY"
"alertAuthHeader": "Basic amFzb246cGFzc3dvcmQ=" // API accepts any raw string value
"confirmCompanyName": false
}
The authorization header is included in all webhookWebhook An automated notification sent from Codat to your application when specific events occur, such as when data syncs complete or connections change status. events sent to your account.
Disable webhookWebhook An automated notification sent from Codat to your application when specific events occur, such as when data syncs complete or connections change status. security for specific rules
If you want to override webhookWebhook An automated notification sent from Codat to your application when specific events occur, such as when data syncs complete or connections change status. security for specific rules, please raise a ticket with our support team through the support request form.
Allowlisting Codat IP addresses for webhooksWebhook An automated notification sent from Codat to your application when specific events occur, such as when data syncs complete or connections change status.
Codat's webhookWebhook An automated notification sent from Codat to your application when specific events occur, such as when data syncs complete or connections change status. rules are served from static IP addresses. This means that you are able to apply an allowlisting rule to grant network access to these notifications.
20.77.82.168/3251.142.76.22/32