Webhooks and Authentication

[Steve Giller]

Do webhooks support basic HTTP Authentication?

If not is this something that could be considered?

We were looking at potentially using the Service Manager interface to fire an update into Orchestrator but this requires authentication.

[TrevorKillick]

Hi Steve

WebHooks do not support Any HTTP Authentication just a plain HTTP POST/JSON with XML or JSON. We are working on extending out integration efforts at the moment a new "webCall" node can be found in BPM -> 

that may help you. 

Any chance you could give a brief explanation as to what you are trying to achieve with Orchestrator?

Kind Regards

Trevor Killick

[Gerry]

Steve,

Which orchistrator are you talking about, Microsoft Orchistrator? HP OO? something else?  As Trev mentioned above, Integration is a current theme and we have some interesting stuff in the works, can we find out a bit more about what you are trying to achieve.

As for the question around basic authentication, the web hooks dont support that, typically you would use HTTPS and you would provide some kind of API key as an argument on the URL, but that does very much depend on the target system you are firing web-hook originated events at.  The typical scenario would be to fire the even at some "glue" code running on one of your servers and then do whatever you need from within there. 

Gerry

[Steve Giller]

All we are really looking to achieve is keeping our minor information changes/updates (e.g. Owners, Locations etc.) in one place, and as Service Manager is what the analysts are used to using and has the more user-friendly interface that would be our first choice.

So we would like, for example, to trigger a Microsoft System Center Orchestrator workflow when the Owner is updated to push that into AD/SCCM but this requires us to offer valid LDAP credentials via Basic HTTP Authentication.

Edited March 17, 2017 by DeadMeatGF
Spotted Gerry's question as I typed!

[Gerry]

@DeadMeatGF

OK, that makes sense. So the problem would be, the format of the XML content emanating out of our system in the web-hook payload will not match what  your orchestration needs, how would you solve that?  (sorry, I dont know MS Orchestrator). 

We could add basic authentication to WebHooks I would have thought, as we are just introducing our own keychain solution for securely holding credentials for exactly that sort of thing. 

Gerry

[Steve Giller]

I'm told the MS Orchestrator workflow can use JSON payloads, possibly XML too (I'm only just learning that myself!) so it's only the authentication part that we're missing.

[Gerry]

@DeadMeatGF

Ok I will organise for us to add Basic and Digest authentication support to web hooks.  However this is going to depend on a new "KeySafe" feature we have added for managing credentials securely, so this will not be available for a couple of weeks.   If you find out more about what you are doing (or able to do) please let us know. 

Gerry

[Steve Giller]

Thanks Gerry,

We're currently in the investigation stage so two weeks or so isn't going to impact us.

[Gerry]

@DeadMeatGF

WebHooks now support both basic and digest authentication, this should be available on live within the next 14 days, probably earlier. 

Gerry

[Steve Giller]

/giphy Happy