Manage Secret Key screen

Configures secret keys to authenticate webhook notifications.

Figure: Manage Secret Key screen

Manage Secret Key

Prerequisites

Good to Know

  • When you configure a webhook to use secret keys, AgilePoint Server creates a cryptographic digest of the notification body and attaches it in a header. When your app receives the webhook notification, it can compute the digest and compare it to the one attached to the message. If the digests are not the same, then the notification is not authentic.
  • Even though AgilePoint NX sends both a primary secret key and secondary secret key with a webhook notification, only one of these keys is required to authenticate the notification.
  • When you configure or change secret keys in webhooks, you must share that new secret keys to the notification handler for your recipient app, so the keys can be used to use to validate the webhook notifications.
  • AgilePoint recommends that you change the secret keys periodically. However, the primary and secondary secret keys should not be changed at the same time. If you change both secret keys at the same time, you may miss some notifications that occur between the time they are changed in AgilePoint NX and the time they are changed in your webhook recipient app. Instead, AgilePoint recommends that you change the primary and secondary keys one at a time on a periodic schedule. For example, you might change the primary key on January 1, the seconary key on February 1, and so on.

How to Start

  1. Click Manage.

    Click Manage
  2. In Manage Center, click System > Webhooks.

    Click Webhooks
  3. On the Webhooks screen, click Manage Secret Key.

    Click Manage Secret Key

Fields

Field NameDefinition

Primary Key

Description:
Shows the primary secret key that is included in the webhook notification header for authentication.
Allowed Values:
A secret key that comes from AgilePoint Server.
Default Value:
An unique secret key.

Secondary Key

Description:
Shows the secondary secret key that is included in the webhook notification header for authentication.
Allowed Values:
A secret key that comes from AgilePoint Server.
Default Value:
An unique secret key.

Generate Generate Secret Keys icon

Description:
Creates a new secret key.

AgilePoint recommends that you change the secret keys periodically. However, the primary and secondary secret keys should not be changed at the same time. If you change both secret keys at the same time, you may miss some notifications that occur between the time they are changed in AgilePoint NX and the time they are changed in your webhook recipient app. Instead, AgilePoint recommends that you change the primary and secondary keys one at a time on a periodic schedule. For example, you might change the primary key on January 1, the seconary key on February 1, and so on.

Copy Copy Secret Keys icon

Description:
Copies the secret key to your clipboard.

View View Secret Keys icon

Description:
Shows the secret key.