
Webhook and ingest security checklist for production

Tokens, IP allowlists, HMAC outgoing webhooks, PII redaction, and team RBAC — a practical LoggerMan security walkthrough.


Security is layered

LoggerMan sits on the hot path between your application and long-term log storage. A single leaked ingest token allows arbitrary writes — treat tokens like database passwords.

Read the public security page and deep-dive docs/security before go-live.

Ingest authentication

  • Use **scoped API tokens** where possible (API keys) instead of sharing the primary project token across microservices.
  • Rotate after departures or CI leaks — regeneration is audited.
  • Enable **ingest IP allowlists** when egress IPs are stable (Kubernetes NAT, fixed workers).

Outgoing webhooks

When LoggerMan notifies your systems, verify HMAC signatures — procedure in webhook signing. Reject replays by checking timestamps in your consumer.
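A consumer-side check of the kind described above, as an added example (not LoggerMan's own code; the header names, the `timestamp.body` signed string and the 300-second window are assumptions, so adapt them to the signing scheme documented in webhook signing):

```python
import hashlib
import hmac
import time
from typing import Optional, Tuple

# Assumed scheme (not LoggerMan's documented format): the sender puts a Unix
# timestamp in X-Timestamp and hex(HMAC-SHA256(secret, "<timestamp>.<body>"))
# in X-Signature. Adjust header names and the signed string to the real spec.
TOLERANCE_SECONDS = 300


def compute_signature(secret: bytes, timestamp: str, body: bytes) -> str:
    """HMAC-SHA256 over the timestamp and the raw request body, hex-encoded."""
    msg = timestamp.encode() + b"." + body
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def verify_webhook(secret: bytes, headers: dict, body: bytes,
                   now: Optional[float] = None) -> Tuple[bool, str]:
    """Return (accepted, reason). Checks the timestamp window first, then the MAC."""
    now = time.time() if now is None else now
    ts = headers.get("X-Timestamp", "")
    sig = headers.get("X-Signature", "")
    if not ts.isdigit():
        return False, "missing or malformed timestamp"
    # Reject stale or far-future deliveries so a captured request cannot be
    # replayed later; the timestamp is covered by the MAC, so it cannot be edited.
    if abs(now - int(ts)) > TOLERANCE_SECONDS:
        return False, "timestamp outside tolerance window"
    expected = compute_signature(secret, ts, body)
    # Constant-time comparison avoids leaking how many leading bytes matched.
    if not hmac.compare_digest(expected, sig):
        return False, "signature mismatch"
    return True, "ok"


if __name__ == "__main__":
    # Constructed demo values, not a real secret or payload.
    secret = b"constructed-demo-secret"
    body = b'{"event":"alert.fired","project":"demo"}'
    ts = str(int(time.time()))
    good = {"X-Timestamp": ts, "X-Signature": compute_signature(secret, ts, body)}
    print(verify_webhook(secret, good, body))             # (True, 'ok')
    print(verify_webhook(secret, good, body + b" "))      # (False, 'signature mismatch')
```

Verify against the raw bytes you received, before any JSON parsing, since re-serialising the body can change it and break the MAC.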

PII and redaction

Configure field key redaction and custom patterns in project security settings (security). Pair with disciplined SDK metadata — do not log passwords, session cookies, or full payment instruments.

Share links support metadata redaction for external viewers (share links).

Team access model

  • **Admin** — can change tokens, invites, and alerts; assign sparingly.
  • **Editor** — can triage and bulk-edit logs.
  • **Viewer** — read-only; preferred for support.

Invited **admins** cannot change their own role or see owner billing on team projects (team).

Compliance artifacts

Monitoring abuse

Watch for sudden ingest volume spikes — they can indicate a runaway logging loop or an attacker writing with a stolen token. Usage headers and billing totals help you spot them; contain the source by tightening the IP allowlist and rotating the affected token.

Related reading