Make business central webhooks use a authentication for its notifications

127 Views Asked by maco At 12 October 2023 at 20:10

I have to provied an API to receive webhook notifications from business central. To give this some kind of protection I would like to use basic auth on it.

Is there a way to make BC365 use basic auth when sending notifications? I tried to include the credentials into the registered url like this, but that doesn't seem to work as expected.

{
    "notificationUrl": "https://user:pwd@url/items",
    "resource": "/api/v2.0/companies(xyz)/items",
    "clientState": "myState"
}

Any other ideas, how have this endpoint not completely open to public exploration...?

Original Q&A

There are 1 best solutions below

kaspermoerch On 13 October 2023 at 12:19

The URL in notificationUrl needs to be open access.

Apart from the mandatory handshake when registering your subscriber the only extra security available is to include a clientState in the registration.

This clientState will then be included in all the notifications sent to your notificationUrl and you can use that to validate if the request comes from your subscription and not somewhere else.

I suggest you use a value for clientState that resembles a clientSecret for OAuth2 authentication.

For more information check you the documentation for working with webhooks.

Make business central webhooks use a authentication for its notifications

There are 1 best solutions below

Related Questions in DYNAMICS-BUSINESS-CENTRAL

Related Questions in BUSINESSCENTRAL

Trending Questions

Popular # Hahtags

Popular Questions