The Anatomy of a Webhook Notification

Articles

The HTTP Post Request
When the Identity Cloud sends a webhooks notification to a listener endpoint, that notification is sent as an HTTP POST request, a standard way for one computer to send data to another. The request itself will look similar to this: ...
HTTP Headers
HHTP headers convey additional information about an HTTP request; in effect, headers are a way for the sender to say, “Hey, I’m about to make a request. Here’s a little more detail on what that request is all about and what you mig...
Security Event Tokens
HTTP headers convey information about a Webhooks v3 request. But what does the request itself convey? We’re glad you asked that question; it conveys something similar to this: eyJ0eXAiOiJzZWNldmVudCtqd3QiLCJhbGciOiJSUzI1NiIsImtpZCI6...
Security Event Token Headers
When it comes to JSON Web Tokens, the header section typically serves two purposes: 1) it identifies the token type; and, 2) it identifies the hashing algorithm used to encode the token. Security token headers used by the Akamai Identity Cloud cover...
Security Event Token Payloads
The SET payload contains a set of name/value pairs (also known as  claims ) that describe the event and when it occurred. For example: {  "iss": "Akamai Identity Cloud",  "iat": 1563488631,...
Security Event Token Signatures
At the bottom of each security event token you’ll see a block of text that looks similar to this: IvkrGFE3GsK3eTLO_QvdFKqg4ktJ2sDToHNghMfGUlWNzRLMIpmgsWZXzLv0QMiyatLva7mEshTlfyOje-S_Y-nUniM9hgHgNg-R0Az9hs2mu_ORcXEFo9AHayhjvW1bKHcmTI...
JSON Web Keys
Akamai uses JSON Web Keys (JWKs) to sign webhooks security event tokens. When you subscribe to webhooks, Akamai creates a set of three public (and private) keys for use with Security Event Tokens. Akamai keeps the private keys for itself a...