Add extra security to the webhooks feature

JavaScript must be installed and enabled to use these boards. Your browser appears to have JavaScript disabled or does not support JavaScript. Please refer to your browser's help file to determine how to enable JavaScript.

HubSpot Ideas

Search HubSpot Ideas or Create Idea

Status:

For our company, it is of paramount importance to be able to ensure that all incoming traffic is safe and secure, before it enters our system. Currently, the only way to secure calls from HubSpot via WebHooks is via the X-HubSpot-Signature header. Verifying this header can only be accomplished in code. In other words, the call has already entered our system before we can check whether it is bona fide. Ideally, mutual TLS or the allowlisting of a range of IP-addresses should be available as a security option. Please make available a security setup that goes beyond the mere adding of a signature to webhooks notifications.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Reply to Idea