Because of the way webhooks work, attackers can impersonate services by simply sending a fake webhook request to an endpoint. Think about it: it’s just an HTTP POST from an unknown source. This scenario creates a potential security hole for many applications, or at the very least, a source of confusion and erroneous data processing. To prevent unauthorized requests, Straddle signs every webhook and its metadata with a unique key for each endpoint. By verifying this signature, you ensure that the webhook indeed comes from Straddle, processing it only if the verification passes.
Another potential vulnerability is a replay attack. In a replay attack, an attacker intercepts a valid payload (including the signature) and re-sends it to your endpoint. Because the payload is valid and signed, it would pass the normal verification checks, potentially causing unintended actions or security breaches. To combat this, Straddle includes a timestamp in every webhook attempt. Our official libraries automatically reject webhooks if their timestamp is more than five minutes off from the current time. This requirement ensures that even if a payload is intercepted, it cannot be successfully replayed at a later time without failing the time-based validation check.
For timestamp verification to be effective, it’s important that your server’s clock is accurate. We recommend using NTP (Network Time Protocol) to keep your server’s clock synchronized.
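The two checks described above (signature verification, then the five-minute timestamp window), shown as an added Python example that is not Straddle's library code. The header names, the HMAC-SHA256 construction over `<timestamp>.<body>` and the hex encoding are assumptions made for illustration, not Straddle's documented format; the point is the order of checks and the constant-time comparison.

```python
import hashlib
import hmac
import time
from typing import Optional, Tuple

# Assumed scheme (not Straddle's documented one): the sender computes
# HMAC-SHA256 over "<unix timestamp>.<raw body>" with the per-endpoint secret
# and sends the hex digest and the timestamp in two headers.
TOLERANCE_SECONDS = 5 * 60  # the five-minute window the text describes


def sign(secret: bytes, timestamp: int, body: bytes) -> str:
    """Signature the sender attaches under the assumed scheme."""
    msg = str(timestamp).encode() + b"." + body
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def verify_webhook(secret: bytes, headers: dict, body: bytes,
                   now: Optional[int] = None) -> Tuple[bool, str]:
    """Return (accepted, reason). Runs on the raw body, before any JSON parsing."""
    now = int(time.time()) if now is None else now
    ts_header = headers.get("X-Example-Timestamp")   # assumed header name
    sig_header = headers.get("X-Example-Signature")  # assumed header name
    if ts_header is None or sig_header is None:
        return False, "missing signature headers"
    try:
        timestamp = int(ts_header)
    except ValueError:
        return False, "malformed timestamp"
    # Signature first: the timestamp is part of the signed data, so a
    # tampered timestamp fails here and is never used for the window check.
    expected = sign(secret, timestamp, body)
    if not hmac.compare_digest(expected, sig_header):  # constant-time compare
        return False, "bad signature"
    # Replay check: abs() also rejects timestamps set in the future.
    if abs(now - timestamp) > TOLERANCE_SECONDS:
        return False, "timestamp outside tolerance window"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample delivery: a valid request, then the same request replayed later.
    secret = b"constructed-endpoint-secret"
    body = b'{"event":"example.created","id":"evt_constructed"}'
    now = 1_700_000_000
    hdrs = {"X-Example-Timestamp": str(now - 30),
            "X-Example-Signature": sign(secret, now - 30, body)}
    print(verify_webhook(secret, hdrs, body, now=now))        # (True, 'ok')
    print(verify_webhook(secret, hdrs, body, now=now + 600))  # replayed 10 min later
```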