Feature Alert March ’18: More options to secure your webhooks

Raz Said feature-alert

webhook security

While we are still working on a few major UX / UI enhancements of the elastic.io dashboard, we actually have some news on the non-UI side of our platform we’d like to share. The short version – it’s about giving you more options to webhook security . The long version… well.

Secure your webhooks your favourite way

If you’re using our webhooks, you have probably noticed that the URL for our webhooks always remains the same. The only thing that changes from webhook to webhook is their IDs, which are simply added at the end of this URL. As you can probably imagine, this is not the most reliable procedure to webhook security, now is it?

So, about a year ago we introduced HMAC, which stands for (Hash-based Message Authentication Code). HMAC basically helped make sure that the data which a webhook receives, comes from a specific person and not from some random Internet user.

The thing to keep in mind, though, is that HMAC is not exactly a method of authorization. It is very secure, for sure, but it is just a signature, and quite a complex one to create. This is why HMAC is now making room for some proper authorization methods.

So, now, when you select a webhook connector, you will have 4 options to choose from a drop-down menu. You can decide to go on without any authorization at all – No Auth -, and the HMAC verification is still available, too. But in addition to that, you can choose to secure your webhooks with either basic authorization (Basic Auth) or API Key authorization.

Depending on your choice of the authorization method, you will see respective fields to fill in.

Try them out and let us know what you think about them and whether there is anything to should add.

Also, even though this aforementioned major UI update is yet to come, we have already made some changes in the dashboard:

Greater stability due to an accurate flow status

If you are already a heavy user of the elastic.io integration platform, then you might have noticed that the integration flow status buttons behave a bit differently now. And what’s different now is that they show their actual current status as it is. So, if it is “Starting”, then it is really starting, and when it is “Running”, it is really running.

new flow status

This is quite a small change of the elastic.io UI, but the technical mechanics that are underlying this change have a big effect on the overall performance of the platform. It is not only about a higher visibility and transparency about what exactly is happening with your integration flow at a specific moment. It is also about a greater stability of the platform in general.

What’s coming:

Like I mentioned, we have been working on some UX / UI improvements lately. So, basically, the changes that I’ve written about above are just the start. There is more to come, and boy you’re gonna like it (at least, we hope so 🙂 ).

Without going into too much detail – after all, we still want it to have an element of surprise when you open your elastic.io dashboard -, the huge change is going to happen in the area of the Runlog. It has something to do with a much cleaner design, better order and immensely improved searchability thanks to filters introduction. More on that – in due time.  

Stay tuned for further info!

In the meantime, why don’t you check out the new changes yourself… and maybe authorize some of those webhooks you’ve had lying around 😉


Request Live Product Tour


About the Author

Raz Said


You might want to check out also these posts