Mutual TLS (mTLS)

Availability: on request

Mutual TLS (mTLS) in the context of webhook authentication is a strong security mechanism that ensures both the sender (webhook provider) and receiver (webhook consumer) authenticate each other using TLS certificates.

This option can be used on its own or in conjunction with other authentication methods, e.g. mTLS + Basic authentication.

Certificate Setup for mTLS and OAuth with Client Certificate

To use mTLS or the OAuth flow with a client certificate, we need to create certificates that identify Alloy as a legitimate client sending webhook requests to the Customer’s server. Broadly speaking, we need to:

  1. Create a private/public key pair
  2. Create a certificate signing request (CSR)
  3. Send the CSR to the Customer
  4. The Customer sends us the certificate back
  5. We install the certificate in Alloy’s database
  6. When the certificate is added to the Alloy database, it will show up on the webhook configuration screen in the dashboard
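
The sketch below is an added example, not Alloy's own tooling: it walks steps 1 and 2 with the `openssl` CLI and adds a check that the certificate returned in step 4 belongs to the key from step 1. The function names, file names, key type and subject CN are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not Alloy's tooling). RSA-2048, the CN and the file names
# client.key / client.csr are assumptions; use what the Customer's CA requires.

# Steps 1-2: create the private key and the CSR in directory $1 for CN $2.
make_key_and_csr() {
    dir=$1 cn=$2
    (
        umask 077   # keep the private key unreadable to group/other
        openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
            -out "$dir/client.key" 2>/dev/null
    ) || return 1
    # Only this CSR is sent in step 3; client.key never leaves the sender.
    openssl req -new -key "$dir/client.key" -subj "/CN=$cn" \
        -out "$dir/client.csr"
}

# Print the PEM public key carried by a key, CSR or certificate file.
pubkey_of() {
    case $1 in
        key)  openssl pkey -in "$2" -pubout ;;
        csr)  openssl req  -in "$2" -noout -pubkey ;;
        cert) openssl x509 -in "$2" -noout -pubkey ;;
        *)    return 2 ;;
    esac 2>/dev/null
}

# Before step 5: the returned certificate $1 must carry the public key of
# private key $2 and must not be expired; a mismatched pair cannot be used
# for client authentication.
cert_matches_key() {
    cert_pub=$(pubkey_of cert "$1") || return 1
    key_pub=$(pubkey_of key "$2") || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ] || return 1
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null
}
```

Running `cert_matches_key` on the returned certificate and the stored key before installation catches a certificate issued against the wrong CSR.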