In an effort to enforce the highest security standards, basic authentication is being removed from webhooks. There’s a new, more secure way to help you verify your webhook requests coming from HubSpot. This is done with request signatures. Using request signatures, HubSpot will populate the webhook with an X-HubSpot-Signature header containing a SHA-256 hash of the concatenation of the app-secret + HTTP method + URI + request body.
More information on request signatures can be found here.
When selecting to “use authentication” with a HubSpot webhook, the option for basic authentication will no longer be available. All users will need to use “request signatures” for webhook authentication.
When is this happening?
Basic authentication will be removed from HubSpot webhooks on March, 1, 2019.
Join the conversation, here!