Skip to content
Start project
Back

How the Webhook Security works?

  • 0
  • Self Hosted
View on Discord
Binho.dev πŸ’™
2 Aug, 2023, 16:09

Hi, πŸ‘‹ I saw that the Security tab in the Webhook options has HTTP Auth where we can enter a username and password.

In this case, this information is encoded in Base64. How will it protect my endpoint?

PS: I use other means to secure the endpoint these days.

TL;DR
The user is asking about how the Webhook Security works in Appwrite. They mention adding http basic-auth to an Express endpoint and how they currently protect their endpoint using JWT. They also ask about using Appwrite as a Webhook and inquire about the security applied to their endpoint. In response, someone clarifies that the HTTP username and password are encrypted and saved in the database, and the information is encoded in Base64. The user then mentions that they currently use other means to secure their endpoint. No solution or further discussion is provided in the thread.
Binyamin
2 Aug, 2023, 16:16

this information is encoded in Base64 What your mean by that?

Are you refereeing to the username and password your Appwrite will use to post the event to the given endpoint url?

Binyamin
2 Aug, 2023, 16:22

The user and password for the HTTP request will be saved as plain text in the database. https://github.com/appwrite/appwrite/blob/master/app/controllers/api/projects.php#L878-L879

Binho.dev πŸ’™
2 Aug, 2023, 16:28

About Base64, I forget the β€œ?”.

Yes I referred about the username and password.

Binyamin
2 Aug, 2023, 16:28

Guess the message can clarify that

Drake
2 Aug, 2023, 16:29

password is actually encrypted πŸ˜‰

https://github.com/appwrite/appwrite/blob/fcd4a69ad1b3db67c6d89f02c5f230c2038a4b35/app/config/collections.php#L1162C16-L1162C16

Binyamin
2 Aug, 2023, 16:30

I stand corrected

Binho.dev πŸ’™
2 Aug, 2023, 16:35

A detail that I still don’t understand is about its use.

How is this security applied to my endpoint?

Binyamin
2 Aug, 2023, 16:35

This is actually from Appwrite outside

Binho.dev πŸ’™
2 Aug, 2023, 16:36

Even having an external endpoint?

Binyamin
2 Aug, 2023, 16:37

When adding Webhook in Appwrite That mean you have an external endpoint in which you want to send the data

One way to protect that endpoint is by using HTTP Basic auth, so any other user if they find out about this URL won't be able to abuse it

Binyamin
2 Aug, 2023, 16:37

Like so

Binho.dev πŸ’™
2 Aug, 2023, 16:41

Hmm

Binyamin
2 Aug, 2023, 16:41

Maybe you've looked for a way to use Appwrite as a Webhook?

Binyamin
2 Aug, 2023, 16:42

So other apps can use Appwrite as their target endpoint?

Binho.dev πŸ’™
2 Aug, 2023, 16:43

Exactly.

Binyamin
2 Aug, 2023, 16:44

So, In the next version of Appwrite 1.4. that will be part of the functions module

Binyamin
2 Aug, 2023, 16:44

As of now you can check this https://discord.com/channels/564160730845151244/564160731327758347/1126589863819489280

Binho.dev πŸ’™
2 Aug, 2023, 16:46

Currently I do this, create an endpoint and receive the events from Appwrite, to protect the endpoint there I use a JWT.

Binho.dev πŸ’™
2 Aug, 2023, 16:47

Very cool.

Binyamin
2 Aug, 2023, 16:47

How've you created the endpoint? using an external framework? or?

Binho.dev πŸ’™
2 Aug, 2023, 16:55

Yes, external framework. NodeJS, Express.

Binyamin
2 Aug, 2023, 16:56

Oh so you can add http basic-auth to your Express endpoint, Then, you can add those details to the Appwrite webook

Reply

Reply to this thread by joining our Discord

Reply on Discord

Recommended threads

Need support?

Join our Discord

Get community support by joining our Discord server.

Join Discord

Get premium support

Join Appwrite Pro and get email support from our team.

Learn more