Details
-
Suggestion
-
Resolution: Unresolved
-
None
Description
Summary:
If users have a requirement to step up webhook integration where the authentication should be set via URL, it can achieved by following method
https://USERNAME:PASSWORD@<URL of destination server>
The username and password sent through URL will be plain texts and we do not have a method to mask them. It will be good to have variable masking strategy here where users can pass $USERNAME and $PASSWORD as variables and mask them so that they are secure.
Workaround:
To use webhook secrets as an alternative
Reference: https://bitbucket.org/blog/enhanced-webhook-security