Manage authentication settings
Authentication settings define how Infobip authenticates when sending notifications to your webhook endpoint. These security settings protect your webhook by ensuring only Infobip can deliver notifications to your system. You can create, reuse, and delete authentication settings through the Infobip web interface or the Subscriptions API.
Authentication secures the request payload. For transport-level security using mutual TLS, see Manage certificates. Both can be used together for layered security.
Prerequisites [#prerequisites]
To create authentication settings, you need:
- Authentication method: Knowledge of which method your webhook requires (Basic, HMAC, or OAuth).
- Credentials: Your authentication credentials ready (see the authentication methods below).
- Notification profile: A profile ready, or plan to create one after setting up authentication. See Manage notification profiles.
For details on authentication methods (Basic, HMAC, OAuth 2.0), request signing and verification, see Subscription components.
Create authentication settings [#create]
Create authentication settings when setting up a notification profile, or create standalone settings for reuse across multiple profiles.
-
Log in to the Infobip web interface and go to Developer Tools > Subscriptions Management.
-
Open the Authentication settings tab.
-
Select Create authentication settings.
-
Enter a Security settings name using only letters, numbers, dashes, or underscores.
-
Select an Authentication type and provide the required credentials:
Method Required fields Optional fields Basic Username, Password — HMAC Secret key, HMAC algorithm — OAuth 2.0 Token URL, Grant type Client ID, Client secret, Client scope, Resource, Headers -
Select Save to create your authentication settings.
Use the Create security settings API endpoint. Supported types: BASIC, HMAC, and OAUTH.
The authId cannot be changed after creation.
View or edit authentication settings [#view-edit]
-
Log in to the Infobip web interface and go to Developer Tools > Subscriptions Management.
-
Open the Authentication settings tab and search for your settings using the search bar.
-
Select the three-dot menu next to the settings and choose:
- View: See a summary of your authentication configuration
- Edit: Change credentials, secret keys, or OAuth parameters
-
Make your changes and select Update.
Use the Subscriptions API to:
- Get all authentication settings with pagination
- Get a specific setting by auth ID
- Update credentials or change the authentication type
Delete authentication settings [#delete]
-
Log in to the Infobip web interface and go to Developer Tools > Subscriptions Management.
-
Open the Authentication settings tab and search for your settings using the search bar.
-
Select the three-dot menu next to the settings and select Delete.
Use the Delete security settings API endpoint. Specify the auth ID in the request path.
Authentication settings linked to an active notification profile cannot be deleted directly. Remove the authentication setting reference from the notification profile first. See Subscription hierarchy and deletion rules for details.
Manage notification profiles
Configure notification delivery and apply authentication.
Manage certificates
Enable mutual TLS for enhanced endpoint security.
Manage webhook subscriptions
Create and manage subscriptions.
Subscription hierarchy and deletion rules
Component relationships and deletion dependencies.