Integration Module 2.0

Integration Module 2.0 Introduces Secure, Multi-Auth Webhook API for Modern Integrations

Compose Collection-Integration-Module announced the release of a robust new version of Repacketeer Webhook API designed to simplify and secure the way systems communicate across enterprise environments. The endpoint delivers broad compatibility with modern authentication standards, while ensuring every connection is verifiable, auditable, and secure.

Multi-Method Authentication Built for Security and Flexibility

The Webhook API supports a wide range of authentication options, making it adaptable for various enterprise security policies:

  1. Basic Authentication — Traditional username and password in an Authorization header, suitable for simpler integrations.
  2. API Key Authentication — Secure key-based authentication via Bearer or X-API-Key headers.
  3. OAuth 2.0 — Full support for the Client Credentials Flow, enabling secure, token-based access.
  4. HMAC Signatures — Cryptographically signed requests with timestamp validation to prevent tampering or replay attacks.
  5. Signed JWT (JSON Web Token) — Compact, signed tokens for advanced client verification and short-lived access control.

Each method is tied to a specific source and subsource—allowing administrators to isolate credentials, track usage, and revoke access per integration.

Granular Source Management

The system introduces a “source/subsource” concept for fine-grained control. Integrations can define their identity through:

  • HTTP headers (X-Source, X-Subsource)
  • URL parameters (?source=&subsource=)
  • or the request body itself

This layered identification ensures that even if multiple services use the same authentication method, each webhook is tied to a precise configuration.

 

 

Advanced OAuth 2.0 and Token Lifecycle Management

For clients using OAuth 2.0, the module includes a full-featured token management API, complete with:

  • Token issuance
  • Revocation
  • Cleanup

Access tokens are stored securely in the database, set to expire automatically, and can be revoked on demand. An administrative cleanup process ensures expired tokens are routinely removed, maintaining optimal security hygiene.

Built-in Management and Monitoring

Beyond authentication, the Compose Collection-Integration-Module provides a comprehensive Management API suite for operational visibility and control:

  • Credential Management: Generate, regenerate, or revoke credentials for any source/subsource.
  • Statistics Endpoint: Retrieve webhook processing metrics—including counts of processed, pending, and errored events.
  • Health Checks: Verify system status, authentication, and user role in real-time.

These tools empower both administrators and developers to monitor performance and manage credentials without leaving the API ecosystem.

End-to-End Audit and Compliance

Every webhook request is logged with full authentication context, timestamps, and outcomes. Failed authentications are recorded for security auditing, while successful calls include metadata such as authentication type and webhook ID. HMAC signatures must be within five minutes of the current timestamp, ensuring replay protection and compliance with modern security standards.

Developer-Friendly Implementation

To speed up adoption, the documentation provides ready-to-use examples in curl, Node.js, and Deno, covering every supported authentication type. Example scripts demonstrate how to generate signatures, sign JWTs, and exchange OAuth tokens securely.

Security by Design

From short-lived OAuth tokens to HMAC timestamp validation, the Webhook API is designed around zero-trust principles. All external endpoints require authentication, and every credential type can be individually managed or revoked through the Management API.

 

 

About CC-Integration-Module
The CC-Integration-Module is a secure integration platform designed to streamline cross-system automation through authenticated webhooks, API gateways, and audit-ready communication pipelines.