What is Webhook Security

Webhooks require the external application or service to send the event to the Rapid Adapter Builder platform using the HTTP protocol. Before the Rapid Adapter Builder platform consumes the messages, the adapter developer must include security logic to authenticate and validate that the messages come from the correct source or sender. By default, Oracle Identity Service enforces the security of dynamic and factory endpoints for Oracle Integration. External enterprise applications or services may also transmit validation information during this exchange of messages. For example, the message may include an event-specific key. This key is verified against the key sent with the event, which allows the receiver to confirm that the message was sent from the correct source.

Webhooks can implement security in the following areas:

  • Registration of the webhook during activation.
  • Reception of webhook message during runtime.
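
The following sketch shows both areas on the receiver side. It is an added example, not Rapid Adapter Builder code or configuration: the function names, the `wh-1` identifier and the in-memory store are assumptions made for illustration. It also goes one step beyond the key check described above by verifying an HMAC-SHA256 signature over the message body, so that a modified message is rejected as well.

```python
import hashlib
import hmac
import secrets

# Constructed in-memory store: webhook id -> key agreed at registration.
_REGISTERED = {}

def register_webhook(webhook_id):
    """Activation: create the per-webhook key that is shared with the sender."""
    key = secrets.token_hex(32)
    _REGISTERED[webhook_id] = key
    return key

def _equal(a, b):
    # Constant-time comparison: does not reveal how many characters matched.
    return hmac.compare_digest(a.encode(), b.encode())

def verify_key(webhook_id, supplied_key):
    """Runtime, key check: the message carries the key itself."""
    key = _REGISTERED.get(webhook_id)
    if key is None or not isinstance(supplied_key, str):
        return False  # unknown webhook, or no key in the message
    return _equal(key, supplied_key)

def sign(key, body):
    """Sender side: signature over the exact bytes of the message body."""
    return hmac.new(key.encode(), body, hashlib.sha256).hexdigest()

def verify_signature(webhook_id, body, supplied_sig):
    """Runtime, signature check: the key never travels with the message."""
    key = _REGISTERED.get(webhook_id)
    if key is None or not isinstance(supplied_sig, str):
        return False
    # Verify against the raw body, before any JSON parsing or re-encoding.
    return _equal(sign(key, body), supplied_sig)

if __name__ == "__main__":
    key = register_webhook("wh-1")               # constructed identifier
    body = b'{"event":"order.created","id":42}'  # constructed sample message
    sig = sign(key, body)
    print("valid message:   ", verify_signature("wh-1", body, sig))
    print("tampered body:   ", verify_signature("wh-1", body + b" ", sig))
    print("unregistered id: ", verify_signature("wh-2", body, sig))
    print("key check:       ", verify_key("wh-1", key))
```
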

Some business scenarios may require the trigger to invoke APIs of the external application or service, which requires authentication before the invocation. To handle this scenario, the adapter developer can design a composite security policy in the connection section of the adapter definition document. For more information on how to configure a trigger connection that can support inbound message authentication, see Authenticate and Validate Webhook Messages and Create a Trigger Connection Definition to Invoke Protected Endpoints.