I use the web hook URL service of Sentinel.
I would like to permit the request only from Sentinel,
however, the IP address of Sentinel is not static,
so IP address blocking does not work.
Can I use an auth header with Sentinel?
Environment
Details
Code to reproduce
Hi @ikeda1729,
Thanks for reaching out and sorry for the late response.
Unfortunately we do not have a built in mechanism for validating webhook requests and since our sentinels are in a serverless architecture the IP addresses are non static. There are 2 options you have for some type of auth, both with tradeoffs:
Instead of triggering a webhook you could trigger an autotask - this would allow you to send a request to your webhook URL from inside the autotask, you could add headers/signatures along with your request. If you need any more info on this let me know.
Adding a query param to the webhook URL - this is a smaller change and easier to verify, but its not as secure.
Thank you @dylkil
OK, I can customize the header with Auto Task,
Thank you.