Implement Your Own Webhook Endpoint

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
L2 Linker

By Vinay Kumar M, Senior Staff Engineer 

 

Summary

 

There are numerous security concerns while using 3rd party Webhooks Providers like pipedream, webhook.site, etc. However, a lesser known alternative is rather than relying on third-party webhook providers, you can implement your own webhook endpoint.

 

Objective

 

When choosing a Webhook provider, consider the following factors:

 

  • Ease of use, features
  • Scalability, data retention policies
  • Security measures
  • Specific requirements you have for your Webhook integrations

 

Considering all of the above parameters, in addition to pushing sensitive data to a 3rd party Webhook provider, the objective of this article is to show how one can create their own Webhook Endpoint.

 

Procedure

 

In order to create your own Webhook Endpoint, make use of the API Gateway Service in AWS Cloud provider.

 

What is an API Gateway?
 

An API proxy is a fully managed service that helps you to create APIs and publish, monitor and maintain them. It is scalable, can handle concurrent calls, authorization, and traffic management. Read more here - Amazon API Gateway.
 

Setting up API Gateway

 

Step 1: Head to the AWS Console

Step 2: Select Services

Step 3: Search for API Gateway

Step 4: Click on Build REST API and the following dashboard will appear.

 

RPrasadi_0-1711670255439.png

Figure 1: Build REST API _palo-alto-networks

 

An important thing to note here is to select an Endpoint Type which is by default Regional which means the lambda would be deployed in the current region.

 

Step 5: Creating a method for our Lambda Function:

Click on the Actions drop down and select Create method.  In the Resources section, Click on the drop down and select POST, then click on Check marks.  After that, you need to set up the method you have just created.

 

RPrasadi_1-1711670255460.png

Figure 2: Creating a method for our Lambda Function_palo-alto-networks

 

Make sure to check - “Use Lambda proxy Integration” option. It’s necessary to build a webhook. This API Gateway will provide you an endpoint. We need to redirect it to Lambda.
 

Step 6: Deploying API to a stage - Go to Actions and click Deploy API now, and create a new deployment stage.

 

RPrasadi_2-1711670255432.png

Figure 3: Deploy API_palo-alto-networks 

 

Step 7: Click on Deploy and get your Invoke URL in the stage area.

 

RPrasadi_3-1711670255644.png

 Figure 4: Invoke URL_palo-alto-networks 

 

Step 8: Now, you can use this endpoint in Webhook integration within Prisma Cloud, but by default, API Gateway does not store the data sent to its endpoints. It acts as a gateway or proxy, forwarding the requests it receives to the integration target (such as an AWS Lambda function, an HTTP endpoint, or other AWS services) without persisting the data.

 

curl -X POST -H "Content-Type: application/json" -d '{"key1":"value1","key2":"value2"}' https://your-api-gateway-url

 

However, you can configure API Gateway to integrate with other AWS services or backend systems to store the data. Some common options include:

 

  1. AWS Lambda: You can configure API Gateway to integrate with an AWS Lambda function. Within the Lambda function, you have the flexibility to store the data in various ways, such as writing it to a database (e.g., Amazon DynamoDB, Amazon RDS), saving it in a file (e.g., Amazon S3), or sending it to a message queue (e.g., Amazon Simple Queue Service).
  2. AWS DynamoDB: You can directly integrate API Gateway with Amazon DynamoDB to store the incoming data as records in a DynamoDB table. This allows for efficient and scalable data storage and retrieval.
  3. Amazon S3: API Gateway can be configured to save the data to an Amazon S3 bucket. This is useful for storing raw payload data or files sent via the webhook.
  4. Custom Backend Systems: You can configure API Gateway to send the incoming data to custom backend systems, such as your own server or third-party services, via HTTP integration or AWS Lambda custom integration. The backend system can then handle the data storage based on your specific requirements.

 

Remember that data storage and handling depend on how you configure the integration and the logic implemented in the integration target (e.g., Lambda function, backend system). You have the flexibility to choose the most suitable storage solution for your specific use case and requirements.

 

About the Author

Vinay Kumar M is a seasoned professional with over 8 years of invaluable experience in the dynamic realm of cloud computing. As a Senior Customer Success Engineer in PANW, Vinay specializes in navigating the intricate landscape of Prisma Cloud and Compute, showcasing his expertise in ensuring seamless operations for accounts across the Asia-Pacific region.



  • 2404 Views
  • 0 comments
  • 0 Likes
Register or Sign-in
Labels
Top Liked Authors