Hi Team,
I need your assistance regarding the security setup for WebSockets in our application.
We would like to implement a mechanism similar to Webex webhook secret validation, where a secret key is used to verify the authenticity of incoming requests. Specifically, our goal is:
When a request comes through the WebSocket connection, it should carry a predefined secret key.
On the backend, we want to validate that the request contains the correct secret.
If the secret is valid, the request should proceed to the backend APIs.
Otherwise, the request should be rejected.
We are interested in knowing whether there are recommended mechanisms or best practices to achieve this kind of secret validation for WebSocket connections—similar to how secrets are used in webhook creation and validation.
Looking forward to your guidance on this.
Best regards,
bhanu