Webhook token rotation & retries
Hello,
I have a question in regard to the webhook API. For security purposes, I would like to be able to rotate the token for a webhook periodically.
For context I see two main alternatives I could implement:
- Just overwrite the token for the webhook via Personio API and at the webhook target location, invalidating the old token immediately. All in-flight webhook calls will fail, because the token won't be accepted by the webhook-target anymore.
- Add a new token version and allow use of old and new token for a grace period, before the old token is invalidated.
Alternative #2 seems more robust, but Alternative #1 is simpler to implement. Alternative #2 also might be problematic if the endpoint and the token have become compromised. I'd probably have to implement Alternative #1 as well for cases where immediate action is necessary.
Most importantly, Alternative #2 would only be necessary if retries were to use the token that was defined at the time of the original event, and hence my question:
(TL;DR starts here):
Do webhook retries use the token currently defined for the webhook, or do they use the token defined at the time of the event? (So, is the POST-Request generated anew for each retry, or is it generated once and just sent multiple times)?
Thank you!
Best regards
garhon
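
The two rotation strategies from the post above, seen from the receiving endpoint, as an added example (not part of the original post and not Personio code). The class, its method names and the token values are assumptions made for illustration; how the token is extracted from the incoming request is left out.

```python
import hmac
import time


class WebhookTokenStore:
    """Receiver-side token check covering both rotation styles (hypothetical helper)."""

    def __init__(self, token, clock=time.time):
        self._clock = clock            # injectable so the grace period can be tested
        self._current = token
        self._previous = None          # old token, honoured only until _previous_expiry
        self._previous_expiry = 0.0

    def rotate(self, new_token, grace_seconds):
        """Alternative #2: the new token becomes current, the old one stays valid briefly."""
        self._previous = self._current
        self._previous_expiry = self._clock() + grace_seconds
        self._current = new_token

    def revoke_and_replace(self, new_token):
        """Alternative #1: immediate cut-over, for a suspected compromise."""
        self._previous = None
        self._previous_expiry = 0.0
        self._current = new_token

    def verify(self, presented):
        """Return 'current', 'previous' or None; comparisons are constant-time."""
        candidate = presented.encode()
        if hmac.compare_digest(candidate, self._current.encode()):
            return "current"
        if self._previous is not None and self._clock() < self._previous_expiry:
            if hmac.compare_digest(candidate, self._previous.encode()):
                # Log these hits: they show whether deliveries still carry the old token.
                return "previous"
        return None


if __name__ == "__main__":
    # Constructed sample tokens, not real credentials.
    store = WebhookTokenStore("tok-v1")
    store.rotate("tok-v2", grace_seconds=600)
    for token in ("tok-v2", "tok-v1", "tok-unknown"):
        print(token, "->", store.verify(token))
```

Counting the `previous` results during the grace window gives a direct measurement of whether retried deliveries arrive with the old or the new token.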