Webhook Configuration
Enabling a Webhook URL will allow you to receive user session results at an external endpoint.
How To Enable Webhook on your Workflow
Go to Workflows > "Your Workflow" > "Start Change Request"
Go to General > Advanced > Scroll until you see Enable Webhook and toggle it "Yes"
Next, begin selecting your webhook's Authorization Type.
...
Authorization types
Besides No Authentication, IDDataWeb supports two Webhook Authorization Types:
- Basic
- OAuth2.0
The required fields for each are:
- Basic Authentication:
- URL (webhook): https://api.example.com/api/webhook
- Credentials (webhook): Username and Password
- OAuth2.0 Authentication:
- URL (webhook): https://api.example.com/api/webhook
- URL (token): https://api.example.com/api/token
- Credentials (token): Username and Password... or Client ID and Client Secret.
Basic Authentication
AXN admin will create an Authorization string based on your Username + Password encoded as a Base 64 String (separated by colon ":")
username:password → ZXhhbXBsZVVzZXI6ZXhhbXBsZVBhc3M=
...and will append it to the subsequent Webhook request as a Basic Authorization Header.
Authorization: Basic ZXhhbXBsZVVzZXI6ZXhhbXBsZVBhc3M=
OAuth2.0
AXN admin will create an Authorization string based on your Username + Password encoded as a Base 64 String (separated by colon ":")
username:password → ZXhhbXBsZVVzZXI6ZXhhbXBsZVBhc3M=
...and will append it to the subsequent Token request as a Basic Authorization Header.
Authorization: Basic ZXhhbXBsZVVzZXI6ZXhhbXBsZVBhc3M=
...to then retrieve an access token:
{
"access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"token_type": "Bearer",
"expires_in": 3600,
"refresh_token": "8xLOxBtZp8",
}
And lastly, append it to the Webhook request as a Bearer Authorization Header.
Authorization: Bearer ZXhhbXBsZVVzZXI6ZXhhbXBsZVBhc3M=
Advanced Webhook Configurations... and best practices
- Include User Data [set to Yes] - this will include end user PII in the endpoint
- Add Flat Endpoint [set to Yes] - this will allow you to receive the response as a flat value (as opposed to a nested value) which makes the data structure simpler to parse
Configuration Options
| Secure Webhook | Enable Basic Authentication on the Webhook (POST) |
| Include User Data | Enable User PII being included in the endpoint |
| Add Flat Endpoint | Enable flattening the standard JSON object returned |
| Replace API Key Value | Replace API Key value with a customer string, useful for OneTrust Integrations |
| Add Webhook Wrapper Object | Wraps the standard JSON object in named value, useful for Sailpoint Integrations |
Query String Token Authentication
Webhook integrations that rely on bearer tokens (e.g. using OneTrust for a DSAR use case) need to use query string token authentication; a bearer token should be set to the maximum expiry acceptable to you and appended to the end of your webhook URL in the following fashion:
https://onetrust.com/integrationmanager/api/v1/webhook/dd4b3e6c-5fad-493c-b6f3-b82e35664147?-Authorization=Bearer%20ABClLiY2OHXkZGNtNGOpZDhyMGT3M2YuRTNjeSBlNbv5UTB1950clSuNVMVlcidUtZr3aMbFpIuDlJMjlkTho=
Updated about 1 month ago