# ory-network
p
Hi all, I apologize for the newbie question, but I’m trying to accomplish creating a user account in my database via a webhook. I’ve read through the documentation on configuring webhooks and I’ve gotten to the point where I’m working on patching the project configuration file. I’m supposed to enter an authentication method and the options are basic_auth and api_key. If I choose api_key, is this referring to the API keys that can be obtained through the Ory web console? My only other question is that once I obtain this API key, I assume that the request destined for the webhook endpoint will pass through Oathkeeper (which I have set up). When the API key is verified, how does that take place?
h
Hey @prehistoric-knife-48976, no worries! Thank you for the question and trying out Ory and welcome to the family 🙂 The auth section in the webhook refers to how Ory should authenticate with YOUR service. So let’s say your webhook target is a NodeJS app. This NodeJS app will probably have some type of auth mechanism (for example a static password you set up in some ExpressJS middleware). In Ory, you set the API key to whatever that static password is that you defined! This helps protect your webhook endpoint from unauthorized access! Hope this helps
p
Thank you very much for the pointers. I hope it’s all right if I ask a follow-up. I’m using Oathkeeper as the access decision point for my backend API. If I give Ory an API key in the project config file, then is there a way to configure Oathkeeper to verify the API key? In the docs for Oathkeeper I only see authenticators like checking a session store, which doesn’t seem to fit this scenario. I’d like to not have to take care of verifying the API key at the application level but instead have it in Oathkeeper along with the rest of the authentication logic.
h
😕 Unfortunately Oathkeeper doesn’t support static credentials (ones that you define in your app). What language is your app in?
p
Python
Also, correct me if I’m wrong, but it doesn’t look like there’s any way to have Ory Actions work in development. Like in Stripe, they have a CLI command “stripe listen” that will forward on the messages to your Stripe webhook.
h
ohhhh that’s a very valid point
you can probably work around it using ngrok or some similar tunnel
p
Haha, yeah, I just asked ChatGPT and it said the same thing. I’ll investigate that and figure it out.
Thanks for your help, I really appreciate it!
h
my pleasure