REST Callback URL feature- Is Callback key sent as Authorization header?

Hey Logan, Your first assumption was correct that the callback key you registered is passed through the Authorization header as “Basic {callbackKey}” to make sure you’re receiving notifications that contain the shared secret, so you know you’re not getting spoof calls and can react accordingly. You can also refer to our Create a Callback Event Notification Listener guide where you can find more examples in action showcasing the suggested steps to handle the callback calls. Duo

Thanks for you swift response as always, Duo :)

So, Kindly let me know if my assumption is correct, Say for example I use the callback key as "xyzABC123" Then in the POST sent from ESL, I will have the Authorization: Basic xyzABC123 Just wanted to confirm, Thanks in advance Duo :) Best Regards, Logan

Hey Logan, Yes, your callback key will be included in request header in plain text. :) Duo