UPDATE: Basic Authentication for webhooks in workflows has been removed.

February 13, 2019

What’s happening?

In an effort to enforce the highest security standards,  basic authentication is being removed from webhooks within workflows. There’s a new, more secure way to help you verify your webhook requests coming from HubSpot. This is done with request signatures. Using request signatures, HubSpot will populate the webhook with an X-HubSpot-Signature header containing a SHA-256 hash of the concatenation of the app-secret + HTTP method + URI + request body.

 More information on request signatures can be found here.

What’s changing?

When selecting to “use authentication” with a HubSpot webhook, the option for basic authentication will no longer be available. All users will need to use “request signatures” for webhook authentication.

 When is this happening?

 Basic authentication has been removed from webhooks.

 Join the conversation, here!