The first step to adding webhooks to your Indent webhook integration is to build your own custom endpoint. Creating a webhook endpoint on your server is no different from creating any page on your website. With PHP, you might create a new .php file on your server; with a Ruby framework like Sinatra or Rails, you would add a new route.
We recommend considering a serverless or containerized option and a dedicated cloud account for additional levels of security isolation. Check out the Okta webhook as an example.
When handling requests, webhooks should first verify the request is valid then check if there's available logic to process the request and respond with a 200 HTTP status code. At a high level, the pseudo-code looks something like this:
Indent signs all webhook requests it sends to your endpoints by including a signature in each request’s
X-Indent-Signature header. This allows you to verify that the requests were sent by Indent, not by a third party. You can verify signatures either using our official libraries, or manually using your own solution.
There is also an
X-Indent-Timestamp header included in every request to provide an extra layer of certainty when it comes to the timeliness of requests, like preventing a time replay attack.
There are currently only two kinds of webhooks:
- Change management — these webhooks receive Command Events like
access/revokein order to provision or deprovision access in a remote system.
- Pull update — these webhooks receive a list of Resource Kinds like
myapp.v1.Adminand respond with a list of API objects to bulk update as Resources.
Looking for a specific provider? Use one of our pre-built sample webhooks to get started.
Here is the starting point of a sample change management webhook:
Looking for a specific provider? Download one of our pre-built sample webhooks to get started.
Here is the starting point of a sample pull update webhook: