The Credential Manager allows you to securely store any API tokens or Basic Authentication to be used in your Webhook. Once you have created your credential you can then use it in your Authenticated Webhook Action.

Using Authenticated Webhooks is a very useful and beneficial feature as it allows for Workflows to be linked with external apps/software. 

In order to send Authenticated Webhook you need to authorize your request using a request header.

Navigating to the Credential Manager

You can find the Credential Manager in the Global Admin Settings or the Space Admin Settings:

Admin Settings:  Admin Cog > Configuration (Workflows for Confluence) > Credentials

Space Settings:  Space Settings Cog > Content Tools > Workflows > Credentials

You will initially be greeted with the following screen:

Generating/Regenerating a Token

To begin creating your credentials you need to generate your token, this is used to as part of our secure way of storing your credentials. To learn more about how we manage this please read this page here.

Once you have created a token you will now be able to select Create and begin adding your first credential.

If you have a token already, you have the ability now to Re-Generate a token, this should be used wisely as the existing token is used as part of the encryption/decryption process of the credentials. If the token is regenerated then all existing Credentials in the database are no longer able to be read (rendering them useless). So any existing Credentials will be removed (please note, if you regenerate you token in a space then it only invalidates the credentials of that space).

What does a Credential include?

When a Webhook is sent to a URL, in order for that server to authenticate the request an Authorization request header must be included see here for more information.

With our Credentials you have the ability to specify three different types of headers that your credential uses.

  • Basic

  • Bearer

  • Custom

Each Authorization header comes with its own options for the credential:

Basic

Basic Authentication involves conjoining a user id, such as an email address/username, along with a password/token to form a string like "my_username:my_password", it is then Base64 encoded and included in the Authorization header.

This allows the server to verify the user who has sent the request.

When creating a Credential this is what the Basic Option looks like:

Bearer

Bearer Authentication, involves a security token that is granted to a user, called a Bearer Token. The server then checks that the token is valid and the request is handled correctly.

When creating a Bearer credential you have this screen:

Custom

Some API's/Endpoints require a custom set Authorization Header type to be set, for example AWS. To set this use the Other Header option:

Configuring you Credentials

Once you have created a Credential, you can begin to configuring it to be used across the app.

Each Credential has the ability to have the following done to it:

  • Set Permissions

  • Set Domains

  • Edit

  • Delete

To learn more about Domains and Permissions, click on their respective links.

In regards to Edit and Delete, these will be covered here.

Edit

Users who have permission to Edit a credential can click here to re-open the familiar Create dialog.

Here they can update any values they want.

Please note that if you make any changes to Usernames / Tokens / Header Types these will be overwritten in the database

Delete

Users who have permission to Delete a credential can do so by clicking on Delete, this will remove the credential from the app and any references to it will no longer be able to use it.