HomeGuidesAPI ReferenceRecipesChangelogStatus
Guides
Help CenterMy API Keys 🔑

Secured webhook calls

Suggest Edits

If your notify URL supports authentication methods you can make sure to define them upon the creation of your webhook instance.

Whitelisting our webhook IPs

This is the most basic way of ensuring that your resource is only accessible from our IP ranges. You can add the range to your API configuration. You find the CIDR ranges here.

Username and password authenticaton

The username and password will be appended to the url parameter already present in the endpoint. The format for url will be http://username:[email protected]/. A sample cURL request is mentioned below.

curl --location 'http://api.brevo.com/v3/webhooks' \
--header 'content-type: application/json' \
--header 'api-key: xkeysib-{api-key}' \
--data '{
    "description" : "string",
    "url" : "https://username:[email protected]/notifyurl3234121232",
    "events" : ["sent"],
    "type" : "transactional"
}'

The API key will be required by default to authenticate the API endpoint request. In the cURL request above, a request is being sent to create a webhook for transactional emails using the event sent and it’s authenticated with adding the username and password to the url.

Bearer token authorization

If you have defined token based header authentication to your notifyURL you can define it like so upon the creation of your webhook object.

curl --location 'http://api.brevo.com/v3/webhooks' \
--header 'content-type: application/json' \
--header 'api-key: xkeysib-{api-key}' \
--data '{
    "description" : "string",
    "url" : "https://example.com/notifyurl3234121232",
    "events" : ["sent"],
    "type" : "transactional"
    "auth":{
             "type":"bearer",
             "token":"client-token"
    }
}'

Cloudflare headers authorization

Cloudflare authorization is handled by adding headers into the Create/Update a Webhook endpoint. The user can add values for headers with anything as request headers. An example of a cURL request is given below.


curl --location 'http://api.brevo.com/v3/webhooks' \
--header 'content-type: application/json' \
--header 'api-key: ' \
--data '{
    "description" : "string",
    "url" : "https://example.com/notifyurl3234121232",
    "events" : ["sent"],
    "type" : "transactional",
    "headers":[
          {
              "key":"client-id",
              "value":"1234clientidvalue"
          },
          {
              "key":"client-secret",
              "value":"5678clientsecretvalue"
          }
     ]
}'

The client just needs to send a request to the endpoint and send any value as the headers in request, the client can send multiple headers. These headers will be used for authentication later when a webhook event is triggered to the url.

Updated 10 months ago