Best answer

Webhook validation using secrets?

  • 31 March 2020
  • 2 replies

Hello Zapier dev community,

I work at FullStory, where I am building a Zapier app to go along with our recently-released webhooks feature. To configure a webhook in FS, users are required to provide a secret value that our servers use to sign payloads before delivery, so it can be verified that they were indeed sent from us. While it is easy enough to have someone provide this as an input field in a zap, it results in a slightly awkward experience where they are asked to “customize” the object of the webhook (e.g. for a “Note Created” event, it says “Customize Note” when asking for the secret). And this is otherwise a bit of a clunky interruption to the normal flow of creating a zap.

What I would really prefer is to be able to auto-generate this secret at subscribe time and store it somewhere in the bundle, so this process is opaque to users. But as far as I can tell, there is not any place in the bundle where this sort of thing could be arbitrarily stored, except by requiring it as an input field from the user. Ideally it would go in bundle.subscribeData, but that is only exposed in the unsubscribe function.

Does anybody know of a way this could be accomplished? Or does Zapier just not consider this to be a pattern worth supporting?


Best answer by DanW_FS 3 April 2020, 15:48

View original

This post has been closed for comments. Please create a new post if you need help or have a question about this topic.

2 replies

Well, I asked support and the answer they gave was that this is not currently possible.

Userlevel 7
Badge +12

Thanks for letting us know, @DanW_FS and I’m sorry that this didn’t work out!