Secure Sentinel notify webhook with shared secrets

This is a feature request to enable sending a header with a shared secret (something like X-OZ-Sentinel: abdef123456) to in order to secure webhooks listening to events from Sentinel. Right now the only workaround I can think of is adding adding a shared secret as a query parameter in the Webhook URL (ex.

1 Like

Hi @brooklynbagel

Thank you for reaching out!

This is definitely something that we would want to consider.
I have relayed your request internally, and we will keep you posted on the outcome.

1 Like

@nami how is this requirement status? we are quite urgently require this feature for protecting our webhook spoofing for our live system.
the query parameter secret in url is not good because everyone can see the secret.
By the way, will sentinel server send the request with certain domain, can i implement the IP filter (domain control) to make sure only request from Sentinel server will be accepted by our webhook end point?

This is really a must have for a product suite built for security.

@nami Do you want help with specs for this? I could write something up that's pretty standard for systems like this.