About Authenticating Webhook Requests

If your system uses OAuth 2.0 for authentication, you can ensure that every webhook request to your Incode system is authenticated. You can define these three authentication parameters:

• authentication URL
• client_id
• client_secret

To define these parameters, go toDashboard > Configuration > General.

Request Authentication Flow

When you configure authentication for webhook requests, Incode exchanges the client_id and client_secret for an access token. This token is then used to send future notifications.

This image shows a sample request issued to the authentication URL you configure in the Incode Dashboard.

curl --location '<configured authentication url>' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Basic <base64(client_id:client_secret)>' \
--data 'grant_type=client_credentials'

The following image shows an expected response example, which is a JSON body with two fields: access token, and expires_in:

{
  "access_token": "", //String, mandatory. Access token to be usend when sending notifications.
  "expires_in": 0000000000 //Number, mandatory. Access token expiration time in seconds.
}