Hello Everyone,
I am looking for some suggestions on the Securing Webhook topic in WF Fusion.
Below are the details
1. I tried to use the OOB Webhooks module to generate a Webhook, that will be used by a third party to POST Json objects.
2. I would like to consume this data & perform a mapping functionality, that'll be later used to create a Workfront object.
The Questions I have are as below,
1. How do I secure this webhook ? IP whitelisting would not work in my case as we are using ALB of GCP (i.e) Dynamic IP. Note: the reply on this post wasn't helpful because the user who posts the json doesn't have to be on WF.
2. Frame.io seems like a good alternative to webhooks, but does it come with an additional cost ?
Thanks in advance !
Solved! Go to Solution.
Topics help categorize Community content and increase your ability to discover relevant content.
Views
Replies
Total Likes
This is a known problem with how Fusion/Make.com deal with webhooks. It has no way to, for example, allow JWT or OAuth 2.0 to allow for proper security. If you know the webhook URL or the static header values in use, you can call it. JWT would be much more proper in 2025+. I'd suggest you file an Idea in the Workfront Fusion forum here.
Hi @HarishDe
Not sure how Frame.io factors into securing webhooks, but you have 2 options:
either way, it'll be one or more static strings you check.
Of course you could get crafty and create an "auth scenario" that expects a couple values (say a user email and a key) that you could store in a datastore, and if they match, you store a "session" variable along with that data store record. Then you return a 302 redirect to the actual scenario with the "session" in the URL, and the requesting app accesses the real scenario which does a check whether the session is valid.
This is a known problem with how Fusion/Make.com deal with webhooks. It has no way to, for example, allow JWT or OAuth 2.0 to allow for proper security. If you know the webhook URL or the static header values in use, you can call it. JWT would be much more proper in 2025+. I'd suggest you file an Idea in the Workfront Fusion forum here.