Best practices for configuring webhook authentication in Decisions (utility user, session ID, etc.)
When setting up webhooks in Decisions, what are the best practices for choosing an authentication setup? Should I create a utility user with minimal permissions, generate a session and reuse the session ID, or use a named session? Any advice on securely configuring and permissioning these options would be appreciated.
Comments
Hello,
It is recommended to use a Named Session tied to a user account with only the permissions needed for the webhook’s actions. Here’s how to do it:
Resolution Steps:
1. Create a Named Session: Go to Settings > Security > Named Sessions > Add Named Session, and select the appropriate user.
2. Assign least privilege: Ensure the user account for the Named Session has only the permissions required for the webhook.
3. Configure the webhook: In your webhook integration, select the Named Session as the authentication type.
This approach is secure, manageable, and aligns with least privilege principles.
Hope this helps!
Relevant Documentation:
Named Sessions Documentation - https://documentation.decisions.com/docs/named-session?highlight=named%20sessions
Creating Webhooks - https://documentation.decisions.com/docs/creating-webhooks
Best Practices for External Integrations - https://documentation.decisions.com/docs/best-practices-for-decisions-deployment?highlight=best%20practices%20for%20external%20integrations