# Security and Verification

Webhook endpoints often deal with sensitive or privileged data. To help protect your systems and ensure authenticity, UseStencil provides multiple options to secure webhook deliveries:

1. ✅ Custom Headers
2. ✅ User-Defined Fields

## Custom Header (Simple Auth)

When configuring a webhook, you can include custom headers such as an API key or token for simple verification.

**Example Configuration:**

```
{
  "Authorization": "Bearer abc123",
  "X-Origin": "usestencil"
}
```

**Resulting HTTP request:**

```
POST /webhooks/receive HTTP/1.1
Content-Type: application/json
Authorization: Bearer abc123
X-Origin: usestencil
```

**How to Use:**

* Your backend should validate the presence and correctness of the token or header.
* Best for quick or internal-only setups (e.g. test environments).

## `user_defined` data (Optional Field-based auth)

You can supply key-value pairs under `user_defined` during webhook setup. These appear inside the payload body, which is useful if your verification logic depends on data inside the request.

**Example Configuration:**

```
{
  "auth_token": "stencil_secret_xyz"
}
```

**Payload Example:**

```
"user_defined": {
  "auth_token": "stencil_secret_xyz"
}
```

**How to Use:**

* Validate `user_defined.auth_token` on the receiving server.
* Useful for services that require in-body verification (e.g., Lambda triggers or low-code tools).
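
A receiver-side sketch of both checks described above (the custom `Authorization` header and `user_defined.auth_token`), added here as an example and not UseStencil's own code. It assumes both options are configured on the same webhook and reuses the placeholder values from this page; the function names are hypothetical, and a receiver using only one option would call only the matching check.

```python
import hmac
import json

# Placeholder secrets copied from this page's examples (assumption: both options
# are configured). Load real values from a secret store, never from source code.
EXPECTED_BEARER = "abc123"
EXPECTED_BODY_TOKEN = "stencil_secret_xyz"


def _same(a, b):
    """Constant-time comparison so response timing does not reveal partial matches."""
    return hmac.compare_digest(a.encode("utf-8"), b.encode("utf-8"))


def check_header(headers, expected=EXPECTED_BEARER):
    """Validate the custom Authorization header; header names are case-insensitive."""
    lowered = {k.lower(): v for k, v in headers.items()}
    scheme, _, token = lowered.get("authorization", "").partition(" ")
    return scheme.lower() == "bearer" and _same(token.strip(), expected)


def check_body(raw_body, expected=EXPECTED_BODY_TOKEN):
    """Validate user_defined.auth_token inside the JSON payload body."""
    try:
        payload = json.loads(raw_body)
    except ValueError:  # covers malformed JSON and undecodable bytes
        return False
    user_defined = payload.get("user_defined") if isinstance(payload, dict) else None
    token = user_defined.get("auth_token") if isinstance(user_defined, dict) else None
    return isinstance(token, str) and _same(token, expected)


def handle_webhook(headers, raw_body):
    """Return the HTTP status to send: 401 if either check fails, 200 otherwise."""
    if not check_header(headers):
        return 401
    if not check_body(raw_body):
        return 401
    return 200
```

Run the checks before any other processing of the payload, and return the same 401 for every failure so the response does not indicate which check rejected the request.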

## Additional Best Practices

* ✅ Always use HTTPS for your receiving endpoint
* ✅ Rotate your webhook secrets periodically
* ✅ Log and monitor webhook activity and failures
* ✅ Reject requests missing the `X-UseStencil-Signature` header (if a secret is defined)

