Skip to content

Add security tip and examples to Webhooks documentation #2849

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 18 commits into from
Nov 20, 2025
Merged

Add security tip and examples to Webhooks documentation #2849

merged 18 commits into from
Nov 20, 2025

Conversation

@pwizla
Copy link
Collaborator

@pwizla pwizla commented Nov 20, 2025
edited
Loading

This PR adds a security tip recommending verification of webhook signatures in receivers.

@vercel
Copy link

vercel bot commented Nov 20, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Preview Comments Updated (UTC)
documentation Ready Ready Preview Comment Nov 20, 2025 9:20pm

@strapi-cla
Copy link

strapi-cla commented Nov 20, 2025
edited
Loading

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you all sign our Contributor License Agreement before we can accept your contribution.
1 out of 2 committers have signed the CLA.

✅ pwizla
❌ web-flow
You have signed the CLA already but the status is still pending? Let us recheck it.

@github-actions github-actions bot added pr: updated content PRs updating existing documentation content source: repo PRs/issues not targeting a specific documentation but rather affecting the whole repo internal PRs created by the Strapi core team labels Nov 20, 2025
@pwizla pwizla changed the title [experimental] Docs webhooks security tip [experimental] Add security tip to Webhooks documentation Nov 20, 2025
@pwizla pwizla self-assigned this Nov 20, 2025
@pwizla pwizla added this to the 6.12.1 milestone Nov 20, 2025
@pwizla pwizla changed the title [experimental] Add security tip to Webhooks documentation Add security tip and examples to Webhooks documentation Nov 20, 2025
@pwizla pwizla marked this pull request as ready for review November 20, 2025 20:56
pwizla
pwizla commented Nov 20, 2025
View reviewed changes
pwizla
pwizla commented Nov 20, 2025
View reviewed changes
@pwizla pwizla merged commit 88b039e into main Nov 20, 2025
3 of 4 checks passed
@pwizla pwizla deleted the repo/docs-webhooks-security-tip branch November 20, 2025 21:23
pwizla added a commit that referenced this pull request Nov 20, 2025
@pwizla @web-flow @actions-user
Add security tip and examples to Webhooks documentation (#2849)
1bfb568 
* docs(backend): correct TypeScript code fences in TS tabs (controllers, services, middlewares, routes)

* docs(bundlers): clarify webpack config example rename and JS/TS filenames

* docs(routes): add guidance to prefer fully-qualified handler names in custom routers

* docs(api-tokens): add concise security tip (least privilege, rotation, secrets manager)

* docs(controllers): add caution about validateQuery/sanitizeQuery/sanitizeOutput when overriding actions

* docs(policies): clarify scoped policy folders and fix example path

* docs(webhooks): add signature verification tip and fix TS config path

* Limit PR scope based on title; keep only intended doc(s); revert unrelated files

* Webhooks docs: expand security guidance on signing and verifying payloads; add references (PR #2849)

* Webhooks docs: add HMAC verification example and external references; remove redundant line (PR #2849)

* Webhooks docs: wrap HMAC verification example in <details> with summary (PR #2849)

* Webhooks docs: convert HMAC verification example to JS/TS Tabs (PR #2849)

* Webhooks docs: use ExternalLink components for external examples (PR #2849)

* Webhooks docs: use ExternalLink components for Learn more links (PR #2849)

* Apply suggestion from @pwizla

* Apply suggestion from @pwizla

* Fix syntax

* Update llms.txt

---------

Co-authored-by: GitHub Actions <[email protected]>
pwizla added a commit that referenced this pull request Nov 20, 2025
@pwizla @web-flow
Add security tip and examples to Webhooks documentation (#2849) (#2870)
4b6adcc 
* docs(backend): correct TypeScript code fences in TS tabs (controllers, services, middlewares, routes)

* docs(bundlers): clarify webpack config example rename and JS/TS filenames

* docs(routes): add guidance to prefer fully-qualified handler names in custom routers

* docs(api-tokens): add concise security tip (least privilege, rotation, secrets manager)

* docs(controllers): add caution about validateQuery/sanitizeQuery/sanitizeOutput when overriding actions

* docs(policies): clarify scoped policy folders and fix example path

* docs(webhooks): add signature verification tip and fix TS config path

* Limit PR scope based on title; keep only intended doc(s); revert unrelated files

* Webhooks docs: expand security guidance on signing and verifying payloads; add references (PR #2849)

* Webhooks docs: add HMAC verification example and external references; remove redundant line (PR #2849)

* Webhooks docs: wrap HMAC verification example in <details> with summary (PR #2849)

* Webhooks docs: convert HMAC verification example to JS/TS Tabs (PR #2849)

* Webhooks docs: use ExternalLink components for external examples (PR #2849)

* Webhooks docs: use ExternalLink components for Learn more links (PR #2849)

* Apply suggestion from @pwizla

* Apply suggestion from @pwizla

* Fix syntax

* Update llms.txt

---------

Co-authored-by: GitHub Actions <[email protected]>
pwizla added a commit that referenced this pull request Nov 21, 2025
@pwizla
Reformat #2849 content
f42c63a
@pwizla pwizla removed this from the 6.12.1 milestone Nov 27, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@meganelacheny meganelacheny Awaiting requested review from meganelacheny meganelacheny is a code owner

Assignees

@pwizla pwizla

Labels

internal PRs created by the Strapi core team pr: updated content PRs updating existing documentation content source: repo PRs/issues not targeting a specific documentation but rather affecting the whole repo

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@pwizla @strapi-cla @web-flow