Custom Auth for Webhook Notifications
In addition to the signing key to validate the signature upon receipt of the notification, ICE MT also supports Custom Authorization (Custom Auth) for webhook notifications. Custom Auth for webhooks enables customer specified authorization flow before posting webhook notification to the subscribed endpoint.
The following Auth types are supported:
- Webhook endpoint request using an OAuth2 token obtained with client credential flow and request is signed with a symmetric key.
- Webhook endpoint request using an OAuth2 token obtained with client claim
(www.rfc-editor.org/rfc/rfc7523) and symmetric key-based request signing token. - An asymmetric key based request signed (JWKS) token and an OAuth2 token acquired through the client credential flow are included in the web-hook endpoint request.
Custom Auth Implementation Requires PSO Engagement
The implementation of Custom Auth for webhooks requires engagement with ICE MT Professional Services (PSO). Please contact your client management team for PSO engagement.
© ICE Mortgage Technology, Inc. All rights reserved.