{"id":39109,"date":"2018-07-31T10:36:22","date_gmt":"2018-07-31T00:36:22","guid":{"rendered":"https:\/\/developers.messagemedia.com\/?p=854"},"modified":"2018-07-31T10:36:22","modified_gmt":"2018-07-31T00:36:22","slug":"introducing-messagemedia-enterprise-webhooks","status":"publish","type":"blog","link":"https:\/\/messagemedia.com\/au\/blog\/introducing-messagemedia-enterprise-webhooks\/","title":{"rendered":"Introducing MessageMedia Enterprise Webhooks"},"content":{"rendered":"<p>\u201cMy application is immune to security risks.\u201d said no one ever.<\/p>\n<p>In an ever-growing world of web applications, security is an absolute necessity. As I\u2019ve discussed in a <a href=\"https:\/\/developers.messagemedia.com\/secure-webhooks-webhooks\/\">previous article<\/a>, Webhooks albeit being incredibly useful can create some dangerous security vulnerabilities in your application if not taken care of properly.<\/p>\n<p>&nbsp;<\/p>\n<h3><strong>Webhook security tactics<\/strong><\/h3>\n<p>The first step to securing communications is to force TLS connections or in other words, only accept SSL compliant (https) websites. Now, you can apply a number of different solutions to secure your connection. Let\u2019s talk about what these methods are.<\/p>\n<ul>\n<li>Token-based authentication &#8211; Tokens can be added to the callback URL while configuring your webhook. The URL might look like <a href=\"https:\/\/www.myapplication?auth=TOKEN\">https:\/\/www.myapplication?auth=TOKEN<\/a><\/li>\n<li>Basic authentication &#8211; Basic authentication is a simple authentication scheme where the client sends requests with the Authorisation header that contains the word Basic word followed by a space and a base64-encoded string containing your username and password.<\/li>\n<\/ul>\n<p>These methods work great to prevent most attacks; however, they have some obvious drawbacks. Both methods send their auth tokens along with the request and the biggest flaw of the latter method is that the string is encoded NOT encrypted which means the Base64 string can easily be reversed. There is a third method which is not as widely used as it should be. This method relies on either symmetric (eg: HMAC) or asymmetric encryption (eg: RSA) to encrypt the data being sent between two parties.<\/p>\n<p>&nbsp;<\/p>\n<h3><strong>Enterprise Webhooks<\/strong><\/h3>\n<p><a href=\"https:\/\/developer.github.com\/webhooks\/securing\/\">Github<\/a>\u00a0uses token-based authentication, <a href=\"http:\/\/anymail.readthedocs.io\/en\/stable\/tips\/securing_webhooks\/\">Anymail<\/a>\u00a0uses Basic authentication,\u00a0<a href=\"https:\/\/www.elastic.io\/secure-your-webhooks\/\">Elastic.io<\/a>\u00a0uses HMAC but here at MessageMedia we do things differently. Our\u00a0Enterprise Webhooks system uses RSA to securely encrypt your data before transmission. But why RSA? Why not HMAC or any other cryptosystem?<\/p>\n<p>The decision to use RSA was made with you in mind. Unlike other APIs, we support your needs for key rotation policies. This means you will have the power to create, delete or even replace their previous private key with a new one. Furthermore, we provide more flexibility as you can specify the digest type (SHA-224, SHA-256 or SHA-512 all of which are unbroken digest algorithms) and effectively use an RSA encryption on the digest.<\/p>\n<p>A drawback of using RSA is that it is computationally slower than HMAC but this can be seen as a minor compromise for a major gain. What this means is that since we&#8217;re not holding onto your half of the key, even if MessageMedia\u2019s Key Management datastore is compromised, you will not be affected.<\/p>\n","protected":false},"author":0,"featured_media":8951,"menu_order":225,"template":"page-blog-v2.php","meta":{"_acf_changed":false,"popular":false,"coming_soon":false,"link":"","footnotes":""},"blog_category":[37],"class_list":["post-39109","blog","type-blog","status-publish","has-post-thumbnail","hentry","blog_category-developers"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.3 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Introducing MessageMedia Enterprise Webhooks - Sinch MessageMedia Australia<\/title>\n<meta name=\"description\" content=\"In an ever-growing world of web applications, security is an absolute necessity. As I\u2019ve discussed in a previous article, Webhooks albeit being incredibly useful can create some dangerous security vulnerabilities in your application if not taken care of properly. Australia\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/messagemedia.com\/au\/blog\/introducing-messagemedia-enterprise-webhooks\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Introducing MessageMedia Enterprise Webhooks - Sinch MessageMedia\" \/>\n<meta property=\"og:description\" content=\"In an ever-growing world of web applications, security is an absolute necessity. As I\u2019ve discussed in a previous article, Webhooks albeit being incredibly useful can create some dangerous security vulnerabilities in your application if not taken care of properly.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/messagemedia.com\/au\/blog\/introducing-messagemedia-enterprise-webhooks\/\" \/>\n<meta property=\"og:site_name\" content=\"Sinch MessageMedia\" \/>\n<meta property=\"og:image\" content=\"https:\/\/messagemedia.com\/wp-content\/uploads\/2018\/07\/dayne-topkin-78982-unsplash-scaled-e1591850397899.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1024\" \/>\n\t<meta property=\"og:image:height\" content=\"325\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/messagemedia.com\\\/au\\\/blog\\\/introducing-messagemedia-enterprise-webhooks\\\/\",\"url\":\"https:\\\/\\\/messagemedia.com\\\/au\\\/blog\\\/introducing-messagemedia-enterprise-webhooks\\\/\",\"name\":\"Introducing MessageMedia Enterprise Webhooks - Sinch MessageMedia\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/messagemedia.com\\\/au\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/messagemedia.com\\\/au\\\/blog\\\/introducing-messagemedia-enterprise-webhooks\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/messagemedia.com\\\/au\\\/blog\\\/introducing-messagemedia-enterprise-webhooks\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/messagemedia.com\\\/wp-content\\\/uploads\\\/2018\\\/07\\\/dayne-topkin-78982-unsplash-scaled-e1591850397899.jpg\",\"datePublished\":\"2018-07-31T00:36:22+00:00\",\"description\":\"In an ever-growing world of web applications, security is an absolute necessity. As I\u2019ve discussed in a previous article, Webhooks albeit being incredibly useful can create some dangerous security vulnerabilities in your application if not taken care of properly.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/messagemedia.com\\\/au\\\/blog\\\/introducing-messagemedia-enterprise-webhooks\\\/#breadcrumb\"},\"inLanguage\":\"en-AU\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/messagemedia.com\\\/au\\\/blog\\\/introducing-messagemedia-enterprise-webhooks\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-AU\",\"@id\":\"https:\\\/\\\/messagemedia.com\\\/au\\\/blog\\\/introducing-messagemedia-enterprise-webhooks\\\/#primaryimage\",\"url\":\"https:\\\/\\\/messagemedia.com\\\/wp-content\\\/uploads\\\/2018\\\/07\\\/dayne-topkin-78982-unsplash-scaled-e1591850397899.jpg\",\"contentUrl\":\"https:\\\/\\\/messagemedia.com\\\/wp-content\\\/uploads\\\/2018\\\/07\\\/dayne-topkin-78982-unsplash-scaled-e1591850397899.jpg\",\"width\":1024,\"height\":325,\"caption\":\"dayne topkin 78982 unsplash scaled e1591850397899\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/messagemedia.com\\\/au\\\/blog\\\/introducing-messagemedia-enterprise-webhooks\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/messagemedia.com\\\/au\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Blog\",\"item\":\"https:\\\/\\\/messagemedia.com\\\/us\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Introducing MessageMedia Enterprise Webhooks\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/messagemedia.com\\\/au\\\/#website\",\"url\":\"https:\\\/\\\/messagemedia.com\\\/au\\\/\",\"name\":\"Sinch MessageMedia\",\"description\":\"Business SMS &amp; Messaging Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/messagemedia.com\\\/au\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/messagemedia.com\\\/au\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-AU\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/messagemedia.com\\\/au\\\/#organization\",\"name\":\"Sinch MessageMedia\",\"url\":\"https:\\\/\\\/messagemedia.com\\\/au\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-AU\",\"@id\":\"https:\\\/\\\/messagemedia.com\\\/au\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/messagemedia.com\\\/wp-content\\\/uploads\\\/2024\\\/03\\\/logo-mm-sinch.svg\",\"contentUrl\":\"https:\\\/\\\/messagemedia.com\\\/wp-content\\\/uploads\\\/2024\\\/03\\\/logo-mm-sinch.svg\",\"width\":1,\"height\":1,\"caption\":\"Sinch MessageMedia\"},\"image\":{\"@id\":\"https:\\\/\\\/messagemedia.com\\\/au\\\/#\\\/schema\\\/logo\\\/image\\\/\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Introducing MessageMedia Enterprise Webhooks - Sinch MessageMedia Australia","description":"In an ever-growing world of web applications, security is an absolute necessity. As I\u2019ve discussed in a previous article, Webhooks albeit being incredibly useful can create some dangerous security vulnerabilities in your application if not taken care of properly. Australia","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/messagemedia.com\/au\/blog\/introducing-messagemedia-enterprise-webhooks\/","og_locale":"en_US","og_type":"article","og_title":"Introducing MessageMedia Enterprise Webhooks - Sinch MessageMedia","og_description":"In an ever-growing world of web applications, security is an absolute necessity. As I\u2019ve discussed in a previous article, Webhooks albeit being incredibly useful can create some dangerous security vulnerabilities in your application if not taken care of properly.","og_url":"https:\/\/messagemedia.com\/au\/blog\/introducing-messagemedia-enterprise-webhooks\/","og_site_name":"Sinch MessageMedia","og_image":[{"width":1024,"height":325,"url":"https:\/\/messagemedia.com\/wp-content\/uploads\/2018\/07\/dayne-topkin-78982-unsplash-scaled-e1591850397899.jpg","type":"image\/jpeg"}],"twitter_card":"summary_large_image","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/messagemedia.com\/au\/blog\/introducing-messagemedia-enterprise-webhooks\/","url":"https:\/\/messagemedia.com\/au\/blog\/introducing-messagemedia-enterprise-webhooks\/","name":"Introducing MessageMedia Enterprise Webhooks - Sinch MessageMedia","isPartOf":{"@id":"https:\/\/messagemedia.com\/au\/#website"},"primaryImageOfPage":{"@id":"https:\/\/messagemedia.com\/au\/blog\/introducing-messagemedia-enterprise-webhooks\/#primaryimage"},"image":{"@id":"https:\/\/messagemedia.com\/au\/blog\/introducing-messagemedia-enterprise-webhooks\/#primaryimage"},"thumbnailUrl":"https:\/\/messagemedia.com\/wp-content\/uploads\/2018\/07\/dayne-topkin-78982-unsplash-scaled-e1591850397899.jpg","datePublished":"2018-07-31T00:36:22+00:00","description":"In an ever-growing world of web applications, security is an absolute necessity. As I\u2019ve discussed in a previous article, Webhooks albeit being incredibly useful can create some dangerous security vulnerabilities in your application if not taken care of properly.","breadcrumb":{"@id":"https:\/\/messagemedia.com\/au\/blog\/introducing-messagemedia-enterprise-webhooks\/#breadcrumb"},"inLanguage":"en-AU","potentialAction":[{"@type":"ReadAction","target":["https:\/\/messagemedia.com\/au\/blog\/introducing-messagemedia-enterprise-webhooks\/"]}]},{"@type":"ImageObject","inLanguage":"en-AU","@id":"https:\/\/messagemedia.com\/au\/blog\/introducing-messagemedia-enterprise-webhooks\/#primaryimage","url":"https:\/\/messagemedia.com\/wp-content\/uploads\/2018\/07\/dayne-topkin-78982-unsplash-scaled-e1591850397899.jpg","contentUrl":"https:\/\/messagemedia.com\/wp-content\/uploads\/2018\/07\/dayne-topkin-78982-unsplash-scaled-e1591850397899.jpg","width":1024,"height":325,"caption":"dayne topkin 78982 unsplash scaled e1591850397899"},{"@type":"BreadcrumbList","@id":"https:\/\/messagemedia.com\/au\/blog\/introducing-messagemedia-enterprise-webhooks\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/messagemedia.com\/au\/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https:\/\/messagemedia.com\/us\/blog\/"},{"@type":"ListItem","position":3,"name":"Introducing MessageMedia Enterprise Webhooks"}]},{"@type":"WebSite","@id":"https:\/\/messagemedia.com\/au\/#website","url":"https:\/\/messagemedia.com\/au\/","name":"Sinch MessageMedia","description":"Business SMS &amp; Messaging Platform","publisher":{"@id":"https:\/\/messagemedia.com\/au\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/messagemedia.com\/au\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-AU"},{"@type":"Organization","@id":"https:\/\/messagemedia.com\/au\/#organization","name":"Sinch MessageMedia","url":"https:\/\/messagemedia.com\/au\/","logo":{"@type":"ImageObject","inLanguage":"en-AU","@id":"https:\/\/messagemedia.com\/au\/#\/schema\/logo\/image\/","url":"https:\/\/messagemedia.com\/wp-content\/uploads\/2024\/03\/logo-mm-sinch.svg","contentUrl":"https:\/\/messagemedia.com\/wp-content\/uploads\/2024\/03\/logo-mm-sinch.svg","width":1,"height":1,"caption":"Sinch MessageMedia"},"image":{"@id":"https:\/\/messagemedia.com\/au\/#\/schema\/logo\/image\/"}}]}},"_links":{"self":[{"href":"https:\/\/messagemedia.com\/au\/wp-json\/wp\/v2\/blog\/39109","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/messagemedia.com\/au\/wp-json\/wp\/v2\/blog"}],"about":[{"href":"https:\/\/messagemedia.com\/au\/wp-json\/wp\/v2\/types\/blog"}],"version-history":[{"count":0,"href":"https:\/\/messagemedia.com\/au\/wp-json\/wp\/v2\/blog\/39109\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/messagemedia.com\/au\/wp-json\/wp\/v2\/media\/8951"}],"wp:attachment":[{"href":"https:\/\/messagemedia.com\/au\/wp-json\/wp\/v2\/media?parent=39109"}],"wp:term":[{"taxonomy":"blog_category","embeddable":true,"href":"https:\/\/messagemedia.com\/au\/wp-json\/wp\/v2\/blog_category?post=39109"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}