Terraform Cloud : Notification Webhook URL

Hi Team,

I’m working on a solution to send out notifications from Terraform Cloud workspace to ServiceNow, The webhook URL that I’m using is like username:password@instanceURL/api-destination. Is there any other way how I can connect to an API in ServiceNow without using any OOB connector of terraform cloud. The concern is that I don’t think it’s appropriate solution to have username and password in the URL of the webhook and I tried adding it the other way but the Terraform Cloud is not Accepting it.

Hi @raghavmanchanda68, there’s no requirement to put username and password into the URL. Terraform Cloud webhooks use HMAC authentication, not basic. The URL should just be instanceURL/api-destination. The “Token” field is where you put an arbitrary secret string that Terraform Cloud will use to encode the notification and securely deliver it to ServiceNow. The ServiceNow endpoint would then need logic to decode the HMAC signature upon receiving the request. Documentation: Notifications - Workspaces - Terraform Cloud | Terraform | HashiCorp Developer.
Can you share more about the solution you are working on?

HI @polina.jastrzebska ,

Thanks a lot for your response but I can’t share much about the solution. The only thing I can tell you is that I’m trying to send out notifications from Terraform Cloud to ServiceNow. From ServiceNow side I’m using a Scripted Rest API for which I’m adding the Link to in the webhook URL and not sure how t generate a token for HMAC authentication. Since terraform cloud is not accepting it without username and password that’s why I reached out to the community. Please let me know if you have more information.

Thanks in advance

To securely connect Terraform Cloud to ServiceNow without embedding credentials in the webhook URL, consider using an intermediary service like AWS Lambda or Azure Functions. This service can securely store credentials, retrieve them to authenticate with ServiceNow, and then process the notifications. Alternatively, develop a custom Terraform provider that handles secure authentication, or use external automation tools with secure credentials storage.