@@ -75,6 +75,33 @@ resource "ory_action" "enrich_identity" {
7575 }
7676 JSONNET
7777}
78+
79+ # Webhook with basic auth
80+ resource "ory_action" "with_basic_auth" {
81+ flow = "registration"
82+ timing = "after"
83+ auth_method = "password"
84+ url = "https://api.example.com/webhooks/secured"
85+ method = "POST"
86+
87+ webhook_auth_type = "basic_auth"
88+ webhook_auth_basic_auth_user = var.webhook_user
89+ webhook_auth_basic_auth_password = var.webhook_password
90+ }
91+
92+ # Webhook with API key auth (sent as header)
93+ resource "ory_action" "with_api_key" {
94+ flow = "login"
95+ timing = "after"
96+ auth_method = "password"
97+ url = "https://api.example.com/webhooks/login"
98+ method = "POST"
99+
100+ webhook_auth_type = "api_key"
101+ webhook_auth_api_key_name = "X-API-KEY"
102+ webhook_auth_api_key_value = var.api_key
103+ webhook_auth_api_key_in = "header"
104+ }
78105```
79106
80107## Authentication Methods
@@ -93,6 +120,52 @@ The `auth_method` attribute specifies which authentication method triggers the w
93120
94121~ > ** Note:** ` auth_method ` is only used for ` timing = "after" ` webhooks. For ` timing = "before" ` hooks, the webhook runs before any authentication method is invoked.
95122
123+ ## Webhook Authentication
124+
125+ Webhooks can be configured with authentication to secure the endpoint. Two types are supported:
126+
127+ ### Basic Auth
128+
129+ ``` hcl
130+ resource "ory_action" "secured_webhook" {
131+ flow = "registration"
132+ timing = "after"
133+ auth_method = "password"
134+ url = "https://api.example.com/webhooks/welcome"
135+ method = "POST"
136+
137+ webhook_auth_type = "basic_auth"
138+ webhook_auth_basic_auth_user = var.webhook_user
139+ webhook_auth_basic_auth_password = var.webhook_password
140+ }
141+ ```
142+
143+ ### API Key
144+
145+ ``` hcl
146+ resource "ory_action" "api_key_webhook" {
147+ flow = "login"
148+ timing = "after"
149+ auth_method = "password"
150+ url = "https://api.example.com/webhooks/login"
151+ method = "POST"
152+
153+ webhook_auth_type = "api_key"
154+ webhook_auth_api_key_name = "X-API-KEY"
155+ webhook_auth_api_key_value = var.api_key
156+ webhook_auth_api_key_in = "header"
157+ }
158+ ```
159+
160+ | Attribute | Description |
161+ | -----------| -------------|
162+ | ` webhook_auth_type ` | Authentication type: ` basic_auth ` or ` api_key ` |
163+ | ` webhook_auth_basic_auth_user ` | Username for basic auth |
164+ | ` webhook_auth_basic_auth_password ` | Password for basic auth (sensitive) |
165+ | ` webhook_auth_api_key_name ` | Header or cookie name for the API key |
166+ | ` webhook_auth_api_key_value ` | The API key value (sensitive) |
167+ | ` webhook_auth_api_key_in ` | Where to send the API key: ` header ` or ` cookie ` |
168+
96169## HTTP Method
97170
98171The ` method ` attribute specifies the HTTP method used when calling the webhook:
@@ -172,6 +245,12 @@ Common issues:
172245- ` project_id ` (String) Project ID. If not set, uses provider's project_id.
173246- ` response_ignore ` (Boolean) Run webhook async without waiting (default: false).
174247- ` response_parse ` (Boolean) Parse response to modify identity (default: false).
248+ - ` webhook_auth_api_key_in ` (String) Where to send the API key: 'header' or 'cookie'.
249+ - ` webhook_auth_api_key_name ` (String) Header or cookie name for API key webhook authentication.
250+ - ` webhook_auth_api_key_value ` (String, Sensitive) API key value for API key webhook authentication.
251+ - ` webhook_auth_basic_auth_password ` (String, Sensitive) Password for basic auth webhook authentication.
252+ - ` webhook_auth_basic_auth_user ` (String) Username for basic auth webhook authentication.
253+ - ` webhook_auth_type ` (String) Webhook authentication type: 'basic_auth' or 'api_key'.
175254
176255### Read-Only
177256
0 commit comments