CA
conscious-sapphire
Webhook security
Hello, I am interested in setting a webhook to receive events when a particular actor run has succeeded. However, I want to be able to secure my endpoint to ensure that only Apify can invoke it.
I found an earlier post from June suggesting that this isn't possible but the Apify documentation suggests otherwise:
https://discord.com/channels/801163717915574323/1115873908046966864
The documentation says to do the following:
https://docs.apify.com/platform/integrations/webhooks/actions
However, I am unsure of what this means. Does anyone have any advice? For additional context, I am using AWS API Gateway.
Actions | Platform | Apify Documentation
Send notifications when specific events occur in your actor (task) run or build. Dynamically add data to the notification payload when sending the notification.
3 Replies
Hi @Omar Abdelkader I think it is related to implementing URL parameter on your endpoint, so they would work as
https://my.api.com/entity/add?token=__VERY_SECRET_TOKEN__
but it wouldn't work as https://my.api.com/entity/addconscious-sapphireOP•2y ago
@Pepa J Thanks for the repsonse and sorry for the delay at my end. How would I configure Apify to automatically include this query parameter in the webhook request?
I know how to parse it and verify if it is identical to my secret server-side but I am not currently receiving any value from Apify
@Pepa J Oh -- I think I understand now. So you're saying I should hard-code the
?token=__VERY_SECRET_TOKEN value into value for the webhook endpoint in Apify. Then, I can parse the query parameters and verify it server-side. Is that correct?wise-white•2y ago
yes