Authentication Types
When creating or editing a webhook in the dashboard, you choose an authentication type that Lettr uses when making requests to your endpoint.Basic Authentication
With basic auth, Lettr includes anAuthorization: Basic ... header in every webhook request. You provide the username and password when creating the webhook in the dashboard.
Verifying Basic Auth
Verify the credentials in your webhook handler:PHP (Laravel)
Python (Flask)
OAuth 2.0 Authentication
With OAuth 2.0 client credentials, Lettr obtains an access token from your OAuth server before each webhook delivery and includes it as a Bearer token. You provide the client ID, client secret, and token URL when creating the webhook in the dashboard.Verifying OAuth Tokens
Verify the Bearer token in your webhook handler:No Authentication
If you choosenone, Lettr sends webhook requests without any authentication credentials. This is the simplest option but offers no protection against unauthorized requests.
Additional Security Measures
IP Allowlisting
For additional security, restrict your webhook endpoint to only accept requests from Lettr’s IP addresses. Contact support for the current list.If you’re behind a proxy or load balancer, make sure to configure your application to trust the proxy and extract the real client IP from the
X-Forwarded-For header.HTTPS
Always use HTTPS endpoints for your webhooks. This ensures that authentication credentials and event data are encrypted in transit.Secret URL Paths
As an additional layer of defense, you can use a hard-to-guess URL path for your webhook endpoint:Checking Webhook Auth Status via API
You can check whether a webhook has authentication configured using the read-only API:The API response shows
auth_type and has_auth_credentials but never exposes the actual credentials. To update authentication settings, use the Lettr dashboard.Related Topics
Handling Webhooks
Best practices for processing webhooks reliably
Retries
Understand retry behavior and failure handling
Testing
Test webhooks in development and production
Event Types
Complete reference of all webhook events