Connector Security

Connector data in SyncNow is encrypted in the database.

For secure communication, we recommend using TLS for HTTP connections to avoid exposing credentials and other sensitive connector data.

Connector Authentication Methods

SyncNow supports the following authentication methods:

1. Basic Authentication with username and password/token - target system will authenticate SyncNow with username and password/token
2. Bearer Authentication with username and token
3. SyncNow auth with username and url token - this is used incase the work system does not support target authentication.

Webhook Security

Webhooks are utilized for continuous synchronization and DevOps Gate Processes. SyncNow automatically registers webhooks when you activate a Sync process. Webhooks can authenticate with SyncNow using the following methods:

1. Anonymous Notifications: Use this if the source system (e.g., Azure DevOps, Jira, ServiceNow) only supports anonymous notifications to SyncNow. If checked, SyncNow will not authenticate source requests to its notification API.

   We strongly recommend adding IP restrictions if Anonymous notifications are enabled.

2. Allowed IP Addresses: Enable this to specify IP addresses or IP ranges (in network/mask format, separated by commas) from which SyncNow will accept webhook notifications.

3. SyncNow User Token (secret): Use this for secure authentication.

Setting SyncNow API Key

Follow these steps to set an API Key for webhook communication:

1. Navigate to the Users section.
2. Create a user who will authenticate with SyncNow.
3. Generate an API Key for the user by clicking Secret String. This key will be used for SyncNow authentication.
4. Save the user information.
5. Set this user as the authenticating user in the webhook security section of the system connector settings.