Hi,
I have setup a Wix automation and I am calling a webhook. My webhook is calling an API which I am protecting with an x-api-key header, for best practices.
According to Wix’s support, it is not supported to provide a header on the webhook for the Wix Automation. This is extremely surprising because all the systems I use when configuring webhook will support adding HTTP headers…
My usecase is “if invoice is paid, call webhook”… Why is it assumed that we would call a unsecure webservice in the automation?
Are they any soutions?
Thank you
Hello,
Wix Automations don’t support adding HTTP headers to webhooks. To work around this, set up a middleware proxy service that receives the webhook from Wix, adds the x-api-key header, and then forwards the request to your protected API. This ensures secure communication without directly exposing your API key.
Best Regard,
tanya635rosario
MyLowesLife
This could leave my proxy open to man in the middle attack. How do you know if the request is coming from the specified automation or some anon if the request is not protected? Someone can easily take down my proxy middleware once they have the url to my middleware which conveniently wix exposes on the network tab.