Re: Web Hooks
Posted: Mon Oct 28, 2019 11:05 pm
SBarnes wrote:Further to this how would the incoming hook end up with a logged in manager to work with, as the only way I am assuming you could do it is with an api key as part of the query string held by the sender as username and password are definitely not going to work?
To answer specifically this part of your question:
SBarnes wrote:username and password are definitely not going to work?
For all intents and purposes, correct.
But not quite... If a sender to one of our routes is a webhook from another 3rd party API that has the ability to authenticate using credentials authentication (username and password), and can read that response containing the Session Id in the response and make a subsequent request passing the session id as a request header before the session times out, then it will work.
API Keys would work better, and that is what is recommended for the use case of using the Jiwa API to receive webhooks from 3rd party API's.