How the Webhook Security works?
Hi, π I saw that the Security tab in the Webhook options has HTTP Auth where we can enter a username and password.
In this case, this information is encoded in Base64. How will it protect my endpoint?
PS: I use other means to secure the endpoint these days.
this information is encoded in Base64 What your mean by that?
Are you refereeing to the username and password your Appwrite will use to post the event to the given endpoint url?
The user and password for the HTTP request will be saved as plain text in the database. https://github.com/appwrite/appwrite/blob/master/app/controllers/api/projects.php#L878-L879
About Base64, I forget the β?β.
Yes I referred about the username and password.
Guess the message can clarify that
password is actually encrypted π
I stand corrected
A detail that I still donβt understand is about its use.
How is this security applied to my endpoint?
This is actually from Appwrite outside
Even having an external endpoint?
When adding Webhook in Appwrite That mean you have an external endpoint in which you want to send the data
One way to protect that endpoint is by using HTTP Basic auth, so any other user if they find out about this URL won't be able to abuse it
Like so
Hmm
Maybe you've looked for a way to use Appwrite as a Webhook?
So other apps can use Appwrite as their target endpoint?
Exactly.
So, In the next version of Appwrite 1.4. that will be part of the functions module
As of now you can check this https://discord.com/channels/564160730845151244/564160731327758347/1126589863819489280
Currently I do this, create an endpoint and receive the events from Appwrite, to protect the endpoint there I use a JWT.
Very cool.
How've you created the endpoint? using an external framework? or?
Yes, external framework. NodeJS, Express.
Oh so you can add http basic-auth to your Express endpoint, Then, you can add those details to the Appwrite webook
