Our webhook events are sent using Basic Auth. When you register your webhook, we require that you provide us with a username and password. Your password will be encrypted at rest using AWS KMS.
Example of outgoing request header
headers: {
Authorization: 'Basic c3VwZXJzZWNyZXRVc2VyTmFtZTpzdXBlcnNlY3VyZVBhc3N3b3Jk'
}
To decode, you can do the following in JavaScript.
const authorization = request.headers['authorization'];
const auth = Buffer.from(authorization, 'base64').toString("utf8");
const [username, password] = auth?.split(":");