cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
233
Views
0
Helpful
0
Replies

Outgoing webhook authentication

0xcafed00d
Level 1
Level 1

Hello,

We want to have the possibility for agents to send WhatsApp messages to customers.
We would create a widget[1] for Webex Contact Center Desktop[2].
A new service has been created and a flow has been set up for an outgoing webhook.
Calling the webhook from JavaScript by passing the proper JSON payload works, and in the next step of the flow the WhatsApp message will be sent out based on the configured template and based on the received variables (from JSON).
The problem is that anyone can open the developer tools (F12 in the browser) and then copy paste the webhook URL to somewhere else, and call it from anywhere.
There is an option to tick "Service key or JWT needs to be passed in request header if this option is selected". But what does that solve? Anyone can copy that as well from the developer tools.
How is it possible to prevent unauthorized access to the webhook? We only want to let agents invoking it in a specific organisation from WxCC Desktop. If an agent copies the JS code and Service key and distributes it, then anyone could send WhatsApp messages from the configured WhatsApp ID.

[1] https://github.com/WebexSamples/webex-contact-center-api-samples/tree/main/widget-samples/widget-sample-101

[2] https://desktop.wxcc-eu1.cisco.com/

0 Replies 0