Skip to content

Prismic Webhook Secret

Service Name: Prismic

Service Description: Prismic is a headless CMS (Content Management System) that provides a content repository with a RESTful API and user interface for content creation and management. It allows developers to build websites and applications with structured content that can be delivered to any frontend.

Service Address: https://prismic.io/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the repository level for webhook endpoints.

Secret Access Scope: Webhook secrets authenticate webhook requests sent from Prismic to your application, ensuring that the webhooks are legitimate and come from Prismic.

Secret Revokement URL: https://prismic.io/dashboard/webhooks

Secret Example: prismicwebhook_a1b2c3d4e5f6g7h8i9j0

Suspicious Activity Investigation Instructions:

  • Check your application logs for unexpected webhook calls from Prismic.
  • Verify if there are any unauthorized content updates or publications in your Prismic repository.
  • Review the webhook configuration in your Prismic dashboard for any unauthorized changes.
  • Monitor your application for unexpected behavior that might be triggered by webhook events.
  • Check if there are any unauthorized API calls using the webhook secret.

Mitigation Instructions:

  • Log into your Prismic dashboard.
  • Navigate to Settings > Webhooks.
  • Delete the compromised webhook or regenerate its secret.
  • Create a new webhook with a new secret if needed.
  • Update your application code with the new webhook secret.
  • Consider implementing additional validation in your webhook handler to verify the source of requests.
  • Review and update your security practices for storing and handling webhook secrets.