Add Security for Webhooks


Overview

To enhance the security of Catchpoint Webhooks, you can require requests to include a valid Token, which is based on a unique key and a secret value known only to you.

Once enabled, Webhook Tokens are automatically refreshed every 30 minutes, so any request made to an endpoint which does not have a current (or previous) token will be denied.

Implementation

To set this up, complete the following steps.

  • Create a Catchpoint API test to capture the latest token from Catchpoint and send it to the Test Data Webhook Receiver system. This test should run at least once every 30 minutes, which is how often Catchpoint refreshes the Token.
  • The REST API test script also creates a Global Variable where it stores the Token value. This Variable is stored on the Catchpoint system and may be accessed within any other script, or as in this case, the Alert Webhook Endpoint which will be set up later.

For example, here is an API test Script which grabs the Token and then posts it to the Alert Webhook Receiver.

// Step - 1
open("https://io.catchpoint.com/ui/api/token")
// replace key and secret below
setNavigatePostData("grant_type=client_credentials&client_id=&client_secret=")
storeVariable("${Extract("resp-content", "regexp:token...(\w+)")}", "tokenBig")
storeVariable("${hash('md5', '${extractVariable('tokenBig')}')}", "token")
storeGlobalVariable("${ExtractVariable(token)}", "token")

// Step - 2
open("https://someurl.com/api/token")
setNavigatePostData("token=${ExtractVariable(token)}")

  • In the Webhook Settings in the portal, add the globalVariable macro to the Endpoint URL or within a custom template.

For example:

https://someurl.com/api/alert/${globalVariable(token)}

This will send the latest token to the Endpoint at someurl.com.
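
On the receiving side, the endpoint has to remember the token posted in Step 2 and accept an alert only when its URL carries the current or previous token. The following is an added example, not Catchpoint code: `TokenStore`, `authorize_alert` and `MAX_AGE` are hypothetical names, and it assumes the token is the 32-character MD5 hex digest produced by the script above.

```python
import hmac
import re
import time

TOKEN_RE = re.compile(r"[0-9a-f]{32}")  # assumption: MD5 hex digest, as built in Step 1
ALERT_PREFIX = "/api/alert/"            # path used in the example Endpoint URL
MAX_AGE = 2 * 30 * 60                   # assumption: expire after two 30-minute refresh periods


class TokenStore:
    """Keeps the current and previous webhook token (hypothetical helper)."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._tokens = []  # newest first, at most two (token, received_at) pairs

    def rotate(self, token):
        """Store a token posted by Step 2 of the API test script."""
        token = token.strip().lower()
        if not TOKEN_RE.fullmatch(token):
            raise ValueError("malformed token")
        if self._tokens and hmac.compare_digest(self._tokens[0][0], token):
            # Same token posted again (test runs more often than the refresh):
            # update its timestamp instead of pushing out the real previous token.
            self._tokens[0] = (token, self._clock())
            return
        self._tokens = [(token, self._clock())] + self._tokens[:1]

    def is_valid(self, candidate):
        """True if candidate matches the current or previous unexpired token."""
        candidate = candidate.lower()
        if not TOKEN_RE.fullmatch(candidate):
            return False
        now, ok = self._clock(), False
        for token, received_at in self._tokens:
            # Constant-time comparison, done for every stored token.
            match = hmac.compare_digest(token, candidate)
            ok = ok or (match and now - received_at <= MAX_AGE)
        return ok


def authorize_alert(path, store):
    """Return the HTTP status for an alert request to /api/alert/<token>."""
    if not path.startswith(ALERT_PREFIX):
        return 404
    return 200 if store.is_valid(path[len(ALERT_PREFIX):]) else 403
```

The handler for `/api/token` calls `rotate()` with the posted value, and the alert handler calls `authorize_alert()` before processing the payload.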