# Webhook Security

To ensure a secure integration of webhooks with your custom implementation or the third-party provider, we propose the following safety measures.

## Only allow HTTPS requests[​](#only-allow-https-requests "Direct link to Only allow HTTPS requests")

freispace will only send webhook requests over `HTTPS` and check that endpoints have a valid SSL certificate.

Ensure to block any non-secure `HTTP` requests on the receiving end.

## Ensure validity using HMAC[​](#ensure-validity-using-hmac "Direct link to Ensure validity using HMAC")

All requests are signed with `HMAC` using the `sha256` algorithm. Check any incoming webhook's validity using the pre-shared key.