Original publication date: December 15, 2020
Question:
We require mSSL (mutual SSL authentication) for all inbound requests when the API pushes notifications/status updates to through Webhooks? Do you support that authentication?
Answer:
We don't support mSSL for webhook delivery.
We support basic authentication over https that you configure when you register for the event and we sign all outgoing webhooks with a secret, unique to you. You can also add our origin IP address to your allowlist as an extra layer of protection.
For more information, see: https://docs.crbcos.com/cos-api/docs/webhook-registrations and https://docs.crbcos.com/cos-api/docs/webhook-signatures