Webhook security

To prevent unauthorised users from posting content to your webhook, Codat can add an Authorization header to the requests sent. You can set this up either via the Codat portal or API.

Enable webhook security in the Codat portal

To enable security for your organisation's webhooks.

  1. Log in to the Codat portal.
  2. Select Account > Profile.
    The Manage Profile page is displayed.
  3. Scroll down the page to the Alerting panel.
  4. Select the authorisation method you're interested in and enter the required information. By default, No Authorisation is selected as security is turned off.

Authorisation method or scheme



A base-64 encoded username and password is added to the authorisation header of the HTTP request.


A custom value or token is added to the authorisation header.

Enable webhook security via the API

To enable webhook security, use any valid header value in ASCII in the alertAuthHeader. For example:

PUT https://api-uat.codat.io/profile

    "name": "Client Name"
    "logoUrl": "https://logo.png"
    "iconUrl": "https://icon.ico"
    "redirectUrl": "https://link.com/complete"
    "apiKey": "API-KEY"
    "alertAuthHeader": "Basic amFzb246cGFzc3dvcmQ=" // API accepts any raw string value
    "confirmCompanyName": false

The authorisation header is included in all webhook alerts sent to your account.

Disable webhook security for specific rules

If you want to override webhook security for specific rules, please contact support.

Did this page help you?