Autenticating webhook requests

If your system uses OAuth 2.0 for authentication, it is possible to define the following authentication parameters: authentication URL, client_id and client_secret so that every webhook request to your system will be authenticated.

Authentication parameters are set in the Incode dashboard, under the Configuration -> General section.

In an authentication flow, Incode will exchange the client_id and client_secret for an access token, which will be used for sending future notifications.

OAuth2.0 authentication requests

curl --location '<configured authentication url>' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Basic <base64(client_id:client_secret)>' \
--data 'grant_type=client_credentials'

The above request will be issued to the authentication URL that you have configured in the dashboard, the expected response should contain a json body with 2 fields: access token, and expires_in:

{
  "access_token": "", //String, mandatory. Access token to be usend when sending notifications.
  "expires_in": 0000000000 //Number, mandatory. Access token expiration time in seconds.
}