Webhook Policy fields
The fields of the Webhook policy form are listed below, with recommendations for using each of them.
JWT Algorithm
In the JWT Algorithm field, select the cryptographic signature algorithm for Webhook messages. When a cryptographic signature is used, the receiver must specify the algorithm when decoding the received message, so that an attacker cannot bypass the verification step. For more information, see JSON Web Algorithms (JWA).
The application is about to expire
The field "The application expires" specifies the expiration time of the JSON Web Token (JWT), after which it is no longer accepted for processing. The Webhook payload contains an "exp" (expiration date) claim based on this value. For the "exp" claim to pass, the current date and time must be earlier than the date and time specified in the "exp" claim. Developers can allow a small deviation (no more than a couple of minutes) to account for clock skew. For more information, see the "exp" (expiration date) claim of the JSON Web Token (JWT).
Audience
The Audience field specifies the audience value. The audience identifies the recipients for whom the encrypted message is intended. For more information, see the "aud" (audience) claim of the JSON Web Token (JWT).
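The three receiver-side checks described above (pinned algorithm, "exp" with a small clock-skew allowance, and "aud"), as an added example that is not part of the original page or the product's own code. It assumes the policy uses HS256 with a shared secret; the function names, the 120-second leeway and the sample values are hypothetical.

```python
import base64, hashlib, hmac, json, time

ALLOWED_ALG = "HS256"  # assumption: the algorithm selected in the policy
LEEWAY = 120           # seconds of clock skew tolerated ("a couple of minutes")

def _b64d(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign(claims, secret, alg=ALLOWED_ALG):
    """Build a constructed sample token (sender side, for the demo only)."""
    head = _b64e(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = _b64e(json.dumps(claims).encode())
    mac = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64e(mac)}"

def verify(token, secret, audience, now=None):
    """Return the claims, or raise ValueError naming the failed check."""
    now = time.time() if now is None else now
    try:
        head, body, sig = token.split(".")
        header = json.loads(_b64d(head))
        signature = _b64d(sig)
    except (ValueError, TypeError) as exc:
        raise ValueError("malformed token") from exc
    # Pin the algorithm: the token's own header must never choose it.
    if not isinstance(header, dict) or header.get("alg") != ALLOWED_ALG:
        raise ValueError("unexpected alg")
    expected = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        raise ValueError("bad signature")
    # Claims are parsed only after the signature has been verified.
    claims = json.loads(_b64d(body))
    if not isinstance(claims, dict):
        raise ValueError("malformed token")
    exp = claims.get("exp")
    # The current time must be earlier than "exp", plus the allowed skew.
    if not isinstance(exp, (int, float)) or now >= exp + LEEWAY:
        raise ValueError("expired")
    aud = claims.get("aud")  # "aud" may be a single string or a list
    if audience not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("wrong audience")
    return claims
```
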
Webhook
In the Webhook field, select the Webhooks that use this Webhook policy to cryptographically sign their messages.