Incoming Webhook enable Teams

Frequent Visitor

Hello Everyone, 

I would like support from you. I have a demand about using the Webhook service. I saw that there is a method of ensuring security between channels via HMAC. The problem I see is that when I release the Webhook, it releases for everyone. How can I protect other entries / integrations without my permission? Is there anything standard with Webhook without using HMAC in the code, or from the moment I release it, is it possible to connect? Because I didn't see this type of configuration in Teams, just the option to release.


I know that the HMAC configuration should be in the .js script (for example). What is the way to avoid other connections / integrations?


Thanks advance! 


Caio R.

1 Reply
best response confirmed by AppSec_Caio (Frequent Visitor)

@AppSec_Caio Incoming webhooks are specific to a channel and allows everyone in the channel to view it. It is not possible to restrict the visibility/integration of incoming webhooks to specific people.