To ensure data security, we recommend you use TLS connections ('https' URLs) when using webhooks in Clui. This type of connection protects sensitive data from electronic eavesdropping while being sent.
We also advise you to prevent Clui impersonations and false data being provided to the URL by verifying the callback request signature.
All webhook callback requests include an
X-Clui-Signature in the request header with a unique ID which is bound to the learning space. This signature is generated in the first webhook callback and persists for all future callbacks.
As an administrator, you can store the signature somewhere safe and use it to identify the source of the request.
For more information, see 'Using webhooks in Clui'.