Secured webhook calls
If your notify URL supports authentication methods you can make sure to define them upon the creation of your webhook instance.
Whitelisting our webhook IPs
This is the most basic way of ensuring that your resource is only accessible from our IP ranges. You can add the range to your API configuration. You find the CIDR ranges here.
Username and password authenticaton
The username and password will be appended to the url parameter already present in the endpoint. The format for url will be http://username:[email protected]/
. A sample cURL request is mentioned below.
curl --location 'http://api.brevo.com/v3/webhooks' \
--header 'content-type: application/json' \
--header 'api-key: xkeysib-{api-key}' \
--data '{
"description" : "string",
"url" : "https://username:[email protected]/notifyurl3234121232",
"events" : ["sent"],
"type" : "transactional"
}'
The API key will be required by default to authenticate the API endpoint request. In the cURL request above, a request is being sent to create a webhook for transactional emails using the event sent
and it’s authenticated with adding the username and password to the url.
Bearer token authorization
If you have defined token based header authentication to your notifyURL you can define it like so upon the creation of your webhook object.
curl --location 'http://api.brevo.com/v3/webhooks' \
--header 'content-type: application/json' \
--header 'api-key: xkeysib-{api-key}' \
--data '{
"description" : "string",
"url" : "https://example.com/notifyurl3234121232",
"events" : ["sent"],
"type" : "transactional"
"auth":{
"type":"bearer",
"token":"client-token"
}
}'
Cloudflare headers authorization
Cloudflare authorization is handled by adding headers into the Create/Update a Webhook endpoint. The user can add values for headers with anything as request headers. An example of a cURL request is given below.
curl --location 'http://api.brevo.com/v3/webhooks' \
--header 'content-type: application/json' \
--header 'api-key: ' \
--data '{
"description" : "string",
"url" : "https://example.com/notifyurl3234121232",
"events" : ["sent"],
"type" : "transactional",
"headers":[
{
"key":"client-id",
"value":"1234clientidvalue"
},
{
"key":"client-secret",
"value":"5678clientsecretvalue"
}
]
}'
The client just needs to send a request to the endpoint and send any value as the headers in request, the client can send multiple headers. These headers will be used for authentication later when a webhook event is triggered to the url.
Updated 11 months ago