Datacake Docs
  • Welcome
  • Get Started
  • Changelog
  • Best practices
    • Best practices: Getting started
    • Best practices: Resolution (Timeframe)
    • Best practices: Dashboards
    • Best practices: Reports
    • Best practices: Grouping Devices
  • Datacake LNS
    • Getting Started
    • Gateways
      • Milesight LoRaWAN Gateway - UG6x
      • RAKwireless WisGate Edge Light 2
    • Devices
    • Add Devices without Gateway
  • Device
    • Product
    • Configuration
    • Claiming
    • Historical Data
    • Database
      • Configuration Fields
      • Fields
        • Manual input
        • Field Roles
        • Formulas
        • Mapping Fields
      • Data retention & Datapoints
      • Examples
        • Mapping 4-20mA Signals
        • Converting Units
  • Dashboards
    • Global Dashboards
      • Setting Homepage
    • Device Dashboards
    • Multi-Device Dashboards
    • Widgets
      • Value Widget
      • Chart Widget
      • Image Map
      • Map Widget
      • Text Widget
      • SOS Widget
      • Boolean Widget
      • iFrame Widget
      • Downlink Widget
      • Set Value Widget
      • Measurement List Widget
      • Heatmap Widget
      • Table Widget
  • Portal
    • Multi-Tenancy (Workspaces)
    • Reports
      • Energy Report
    • Administrators
    • Members
      • API Users
    • Security & Privacy
    • Billing
      • Support Packages
      • VAT Exemption / Tax ID
      • SMS Credits
      • Access Invoices
      • Unused time and Remaining time in Invoices (Prorations)
      • Codes
    • White Label
    • Rules
      • Legacy Rule Engine
        • Sending notifications via Telegram
      • New Rule Engine
        • Rule Engine Table Overview
        • Copy/Paste and Template Functionality
        • Advanced Rule Engine E-Mail and Webhook Templates
        • Time Restrictions
    • Zones
  • Cake Red
    • Get Started
    • Overview
  • LoRaWAN
    • Get Started
      • CSV Import
      • Custom LoRaWAN Device
    • Configuring LNS
      • The Things Stack (TTN / TTI) Automated Setup
      • The Things Stack (TTN / TTI) Manual Setup
      • Loriot
      • Kerlink Wanesy
      • Helium
      • ChirpStack
      • Tektelic
      • Actility ThingPark
      • Senet
      • Milesight Gateway
      • KPN
    • Downlinks (LoRaWAN)
      • Set Time Frame
    • Securing Webhooks
    • Payload Decoders
      • Location and GPS
      • Access Gateway Metadata
      • Access Measurements
      • Global Variables
    • Using Cayenne LPP
    • Converting Payload
  • Generic API Devices
    • HTTP Downlinks
  • Integrations
    • MQTT
    • Particle
      • Get Started
      • Adding Integrations
      • Decoding Payloads
      • Calling Functions
      • Templates
        • Particle Tracker One
    • Incoming Webhooks
    • Outgoing Webhooks
      • Securing Outgoing Webhooks in Datacake
    • Golioth
    • Blues Wireless Notecard
    • Sigfox
    • Swarm Asset Tracker
    • Grandcentrix Modbus Cloud Connect
    • YuDash LYNX IoT Gateway
    • Dragino NB-IoT
      • Changing NB-IoT Bands
    • Hardwario CHESTER
    • 1NCE OS
  • API
    • Exporting Data
    • Record Measurements via API
    • Node RED to Datacake
    • Generate Access Token
    • Internal MQTT
      • Get Started
      • MQTT Documentation
      • MQTT over WebSocket
      • Example Code
    • GraphQL API
      • Using GraphQL
      • Device Creation
      • Tutorials
        • Read Group via Tags
  • Guides
    • Python
    • Send Slack Notifications
    • Forward Data to Cake Red
    • Multiple Data Feeds
    • Automated Dynamic Downlinks
    • Ingesting JSON Data into Datacake API Devices
    • Working with Default HTTP Decoder on API Devices and Code Examples
    • Accessing Measurements in Decoders
    • Connecting Datacake to Notion Using Zapier
    • How to set up and use location on non-GPS devices
    • How to integrate with AWS IoT Core
    • How to Schedule Mass-Downlinks (Multicast) using Datacake Rule Engine
    • How to Map Sensor Values to Ranges or Booleans, Strings using Mapping Fields
    • Understanding Internal vs. External MQTT Brokers on Datacake
    • Sending UDP Messages between 1NCE OS and Datacake
    • Concepts of LoRaWAN Payload Decoders on Datacake
    • How to check if a value stays above or below limits for given time
Powered by GitBook
On this page
  • Overview
  • Video
  • 📤 What Is an Outgoing Webhook?
  • 🛡️ Why Use Header-Based Authorization?
  • 🧪 Example: Using Node-RED to Receive and Validate Webhooks
  • 1. Create the Webhook in Datacake
  • 2. Set Up Node-RED Flow
  • 🛠️ How It Works
  • ⚠️ Common Pitfalls
  • 🔒 Security Notes
  • 💬 Questions?

Was this helpful?

  1. Integrations
  2. Outgoing Webhooks

Securing Outgoing Webhooks in Datacake

Learn how to securely forward device events from Datacake using outgoing webhooks, and validate them in external systems like Node-RED using custom authorization headers.

Last updated 2 days ago

Was this helpful?

Overview

This guide shows you how to secure Datacake outgoing webhooks using custom HTTP headers (e.g., Authorization) and validate them with tools such as Node-RED. It includes a real-world example, common pitfalls, and a reusable code snippet.

Video

📤 What Is an Outgoing Webhook?

Datacake allows you to forward device events (like measurements, decoder outputs, or downlinks) to external services using webhooks. These webhooks are triggered every time a selected event occurs in your workspace.

You can configure them under:

Workspace Sidebar → Integrations → Webhooks

🛡️ Why Use Header-Based Authorization?

Because Datacake is cloud-native and its infrastructure is dynamic (scaling up/down), IP whitelisting is unreliable. Instead, the recommended and secure way to authenticate webhook requests is via an HTTP header:

  • Name: Authorization (or any custom header name)

  • Value: A secret token known to both Datacake and the receiver (e.g., Node-RED)

All requests are sent via HTTPS, ensuring the token is encrypted during transmission.

🧪 Example: Using Node-RED to Receive and Validate Webhooks

1. Create the Webhook in Datacake

  1. Go to Integrations → Webhooks

  2. Click Add Webhook

  3. Choose an event (e.g., "Device Measurement Recorded")

  4. Set your endpoint URL (e.g., https://your-node-red-instance.com/webhook)

  5. Under Headers, add:

    • Name: Authorization

    • Value: Bearer ABC123 (use your own secure token)

  6. Click Create

2. Set Up Node-RED Flow

In Node-RED:

  • Add an HTTP In node listening to POST /webhook

  • Add a Function node to validate the Authorization token

  • Add HTTP Response nodes for success and error

Here is the full flow you can import into Node-RED:

[
  {
    "id": "http_in_node",
    "type": "http in",
    "z": "flow",
    "name": "Webhook In",
    "url": "/webhook",
    "method": "post",
    "upload": false,
    "swaggerDoc": "",
    "x": 160,
    "y": 100,
    "wires": [["check_auth"]]
  },
  {
    "id": "check_auth",
    "type": "function",
    "z": "flow",
    "name": "Check Authorization",
    "func": "// Expected token\nconst expectedToken = \"Bearer ABC123\";\n\n// Normalize headers to lowercase (as received)\nconst authHeader = msg.req.headers['authorization'];\n\nif (!authHeader || authHeader !== expectedToken) {\n    msg.statusCode = 401;\n    msg.payload = { error: \"Unauthorized\" };\n    return [null, msg];\n} else {\n    return [msg, null];\n}",
    "outputs": 2,
    "noerr": 0,
    "x": 360,
    "y": 100,
    "wires": [["success_response"], ["unauthorized_response"]]
  },
  {
    "id": "success_response",
    "type": "http response",
    "z": "flow",
    "name": "HTTP 200 OK",
    "statusCode": "",
    "headers": {},
    "x": 580,
    "y": 80,
    "wires": []
  },
  {
    "id": "unauthorized_response",
    "type": "http response",
    "z": "flow",
    "name": "HTTP 401 Unauthorized",
    "statusCode": "",
    "headers": {},
    "x": 600,
    "y": 120,
    "wires": []
  }
]

🛠️ How It Works

  • Webhook triggers a POST request to /webhook

  • Node-RED extracts the Authorization header

  • The Function node compares it with your expected value

  • Depending on the result:

    • HTTP 200 is returned (valid)

    • HTTP 401 is returned (invalid or missing)

⚠️ Common Pitfalls

  • Header names in msg.req.headers are always lowercase in Node-RED.

  • Ensure no whitespace or encoding issues in the header value.

  • If you're using CakeRed (hosted Node-RED on Datacake), ensure your firewall path allow list is correctly set.

🔒 Security Notes

  • Use secure, unguessable tokens (UUIDs or strong random strings).

  • Never share your tokens in public repositories or docs.

  • Consider rotating tokens periodically.

💬 Questions?

Note: If you're running Node-RED locally (e.g., on a Raspberry Pi), you need to expose it via the internet (e.g., via , reverse proxy, or public cloud service) to receive webhooks.

If you have questions or run into issues, feel free to

Ngrok
contact support