Guides

Webhook Verification Secret

The Webhook Verification Secret is a required setting for Zesty instances using form webhooks. This setting provides a secure key that can be used to validates the authenticity of webhook requests sent from your instance.

Suggest Edits

Overview

The Webhook Verification Secret setting enhances the security of your webhook integrations by providing a mechanism for verifying the origin of webhook requests. When this setting is configured, the secret is added to the payload of all webhook submissions. If left blank, no verification secret will be included in the payload.

For more information on how webhooks work in Zesty.io, refer to the Forms and Form Webhooks Documentation.

When is this Required?

This setting is required when:

  • Your instance uses form webhooks to send data to external systems

If your instance does not use form webhooks, this setting is not required for normal operation.

How to add the setting?

New Instances

New Zesty instances include this setting by default under the Developer section.

Existing Instances

For existing instances, this optional setting can be added programmatically.

Instances API

  • Use the Instances API to programmatically configure the setting
  • Refer the the API Documentation

Required payload:

{
    "category": "developer",
    "key": "webhook_secret",
    "keyFriendly": "Webhook Verification Secret",
    "value": "",
    "admin": false,
    "parsleyAccess": false,
    "dataType": "text",
    "options": "",
    "tips": "A secure key used to verify the authenticity of webhook requests sent from this instance. When provided, this secret is included in the payload of all webhook submissions, allowing the destination to validate that the request originated from a trusted source. If left blank, no verification secret will be included in the payload."
}

Configuration

To configure the Webhook Verification Secret setting:

  1. Go to Settings in the left sidebar.
  2. Navigate to the Developer section.
  3. Locate the Webhook Verification Secret field.
  4. Enter a secure key of your choice.

Example:

my-secure-verification-key-12345
  1. Save your changes.

How It Works

When the Webhook Verification Secret is set, it is included in the payload of all webhook submissions under the _verification_key field. The destination system can use this key to validate that the request originated from your Zesty.io instance.

Example Payload:

{
    "submitted_from_url": "https://www.example.com/form-page",
    "submitted_at": "2023-10-15T12:34:56+00:00",
    "submitted_from_domain": "example.com",
    "_verification_key": "my-secure-verification-key-12345",
    "form_field_1": "value_1",
    "form_field_2": "value_2"
}

If the Webhook Verification Secret is not set, the _verification_key field will not be included in the payload.

Key Features

  • Enhanced Security: Adds a verification key to webhook payloads for origin validation.
  • Optional Setting: This setting is not required. If left blank, no verification key will be included.

Updated 11 days ago