Skip to main content

Connector Security

Connector data in SyncNow is encrypted in the database to protect sensitive information.

For secure communication, always use TLS (HTTPS) for all HTTP connections. This prevents credentials and other sensitive connector data from being exposed.

🔑 Connector Authentication Methods

SyncNow supports several authentication methods for connecting to external systems:

  1. Basic Authentication
    Authenticate with a username and password or token.

  2. Bearer Authentication
    Authenticate using a username and token in the Authorization header.

  3. SyncNow Auth with Username and URL Token
    Used when the target work system does not support standard authentication. SyncNow authenticates using a username and a unique URL token.

🌐 Webhook Security

Webhooks are used for continuous synchronization and DevOps Gate processes. SyncNow automatically registers webhooks when you activate a sync process. Webhook authentication options include:

  1. Anonymous Notifications
    Use this if the source system (e.g., Azure DevOps, Jira, ServiceNow) only supports anonymous notifications to SyncNow.

    If you enable anonymous notifications, we strongly recommend adding IP restrictions for security.

  2. Allowed IP Addresses
    Specify trusted IP addresses or IP ranges (in network/mask format, separated by commas) from which SyncNow will accept webhook notifications.

  3. SyncNow User Token (Secret)
    Use a SyncNow user API token for secure authentication of webhook requests.

Edit System

🗝️ Setting a SyncNow API Key for Webhook Communication

To securely authenticate webhook requests with SyncNow, set up an API Key as follows:

  1. Navigate to the Users Section
    Go to the Users page in SyncNow.

  2. Create a User
    Add a user who will be used for authenticating webhook requests.

  3. Generate an API Key
    Click Secret String to generate an API Key for the user.
    This key will be used for authenticating webhook requests to SyncNow.

  4. Save the User Information
    Ensure the user and API key are saved securely.

  5. Configure Webhook Security
    In the system connector settings, set this user as the authenticating user in the webhook security section.

Admin

Tip:
Always use the most secure authentication method supported by your source system. Combine user tokens with IP restrictions for maximum security.