# Securing webhooks

Once your server is configured to receive payloads, it'll listen for any payload sent to the endpoint you configured. For security reasons, you probably want to limit requests to those coming from TextMaster. There are a few ways to go about this. For example, you could opt to allow requests only from TextMaster's IP address, but a far easier method is to set up a secret token and validate the information.

## Setting your secret token

You'll need to set up your secret token in two places: on TextMaster, when setting up the webhook URL, and on your server.

To set your token on TextMaster, simply include the token in the callback URL, either globally on the user account or on specific resources. Use a random string with high entropy as your token. For example, you can generate one with the following Ruby command:

```shell
ruby -rsecurerandom -e 'puts SecureRandom.hex(20)'
```

You can then include your secret token as a URL parameter of your choice. For example:

```shell
curl "https://api.textmaster.com/v1/clients/users/USER_ID" \
     -X PUT \
     -H "Authorization: Bearer ACCESS_TOKEN" \
     -H "Content-Type: application/json" \
     -d '
     {
       "user": {
         "callback": {
           "word_count_finished": {
             "url": "https://example.com/payload?token=6f90f415ca54b100c3e9d24fdf2988cbb0815f5d"
           }
         }
       }
     }
     '
```
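The server side of this setup, as an added example that is not part of the TextMaster documentation: a check for the `token` query parameter from the callback URL above, using a constant-time comparison and failing closed when no token is configured. The `WEBHOOK_TOKEN` environment variable and the function names are assumptions.

```ruby
require 'uri'
require 'digest'

# Compare two strings without leaking where they differ through timing.
# Hashing first gives equal-length inputs for the byte-wise comparison.
def secure_compare(a, b)
  da = Digest::SHA256.digest(a).bytes
  db = Digest::SHA256.digest(b).bytes
  da.zip(db).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# True only if the request target carries exactly one `token` parameter
# whose value matches the server's copy of the secret.
# Assumption: the server keeps its copy in the WEBHOOK_TOKEN env variable.
def authorized_callback?(request_target, expected = ENV['WEBHOOK_TOKEN'])
  return false if expected.nil? || expected.empty? # fail closed if unset
  query = URI.parse(request_target).query
  return false if query.nil?
  tokens = URI.decode_www_form(query).select { |k, _| k == 'token' }.map(&:last)
  return false unless tokens.length == 1 # reject missing or repeated token
  secure_compare(tokens.first, expected)
rescue URI::InvalidURIError, ArgumentError
  false
end

# The token travels in the URL, so strip it before the URL is logged.
def redact_token(request_target)
  request_target.sub(/([?&]token=)[^&]*/, '\1[REDACTED]')
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample request targets (not real traffic), checked against
  # the sample token from the callback URL above.
  sample = '6f90f415ca54b100c3e9d24fdf2988cbb0815f5d'
  ["/payload?token=#{sample}", '/payload?token=wrong', '/payload'].each do |t|
    status = authorized_callback?(t, sample) ? 200 : 403
    puts "#{status} #{redact_token(t)}"
  end
end
```

Call `authorized_callback?` with the incoming request's path and query string before parsing the payload body, and respond with an error status when it returns false.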

{% hint style="info" %}
**Tips:** In the future, TextMaster will use your secret token to create a hash signature of each payload. This will allow you to validate the payload sent from TextMaster and make sure it has not been tampered with.
{% endhint %}

