Manage Secret Key screen
Configures secret keys to authenticate webhook notifications.
Prerequisites
- AgilePoint NX OnDemand (public cloud), or AgilePoint NX PrivateCloud or AgilePoint NX OnPremises v7.0 Software Update 2 or higher.
Good to Know
- When you configure a webhook to use secret keys, AgilePoint Server creates a cryptographic digest of the notification body and attaches it in a header. When your application receives the webhook notification, it can compute the digest and compare it to the one attached to the message. If the digests are not the same, then the notification is not authentic.
- Even though AgilePoint NX sends both a primary secret key and secondary secret key with a webhook notification, only one of these keys is required to authenticate the notification.
- When you configure or change secret keys in webhooks, you must share that new secret keys to the notification handler for your recipient application, so the keys can be used to use to validate the webhook notifications.
- AgilePoint recommends that you change the secret keys periodically. However, the primary and secondary secret keys should not be changed at the same time. If you change both secret keys at the same time, you may miss some notifications that occur between the time they are changed in AgilePoint NX and the time they are changed in your webhook recipient application. Instead, AgilePoint recommends that you change the primary and secondary keys one at a time on a periodic schedule. For example, you might change the primary key on January 1, the seconary key on February 1, and so on.
How to Start
- In the Manage Center, click System > Webhooks.
- On the Webhooks screen, click Manage Secret Key.
Fields
Field Name | Definition |
---|---|
Primary Secret Key |
|
Secondary Secret Key |
|
Generate |
|
Copy |
|
View |
|