# Webhooks, OAuth, and SaaS Integration Security

> **Intro:** Integration security is usually where product teams accidentally create broad trust because the external system seems helpful or familiar. This page focuses on the trust decisions hidden inside common SaaS integrations.
>
> **What this page includes**
>
> * webhook verification and replay control
> * OAuth scope and lifecycle review
> * partner and SaaS integration risk questions
> * what to document before launch

## Webhook review

* how is payload authenticity verified?
* what is the replay window?
* what business action happens if the webhook is accepted?
* does the receiver log verification result and delivery identity?
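The four questions above map onto one receiver routine. The following is an added example (not code from this page or any product it describes): an HMAC-SHA256 webhook receiver that checks freshness against a replay window, verifies the signature over the raw body in constant time, rejects repeated delivery ids, and emits a log record carrying the delivery identity and verification result. The header names, the shared secret, the 300-second window and the sample payload are all constructed assumptions.

```python
import hashlib
import hmac
import time

# Constructed example values, not from the page: the shared secret would be
# provisioned out of band, and the window is a policy choice (here 5 minutes).
SHARED_SECRET = b"example-shared-secret"
REPLAY_WINDOW_SECONDS = 300


def signing_input(delivery_id, timestamp, body):
    """Bind delivery id, timestamp and raw body into one signed message so
    none of them can be swapped independently."""
    return f"{delivery_id}.{timestamp}.".encode() + body


def sign_delivery(secret, delivery_id, timestamp, body):
    """Sender side: the headers a producer would attach (hypothetical header names)."""
    mac = hmac.new(secret, signing_input(delivery_id, timestamp, body), hashlib.sha256)
    return {
        "X-Delivery-Id": delivery_id,
        "X-Timestamp": str(timestamp),
        "X-Signature": mac.hexdigest(),
    }


class ReplayCache:
    """Remembers delivery ids seen inside the replay window (in-memory here; a
    shared store is needed when several receiver instances run)."""

    def __init__(self, ttl_seconds):
        self.ttl = ttl_seconds
        self._seen = {}

    def seen_before(self, delivery_id, now):
        # Evict ids older than the window; they can no longer pass the freshness check anyway.
        for k in [k for k, t in self._seen.items() if now - t > self.ttl]:
            del self._seen[k]
        if delivery_id in self._seen:
            return True
        self._seen[delivery_id] = now
        return False


def verify_webhook(headers, body, cache, now=None):
    """Receiver side. Returns (accepted, reason, log_record). The log record
    always carries the delivery identity and the verification result."""
    now = time.time() if now is None else now
    delivery_id = headers.get("X-Delivery-Id")
    timestamp = headers.get("X-Timestamp")
    signature = headers.get("X-Signature", "")
    record = {"delivery_id": delivery_id, "timestamp": timestamp, "result": None}

    def reject(reason):
        record["result"] = reason
        return False, reason, record

    if not delivery_id or timestamp is None:
        return reject("rejected:missing_headers")
    try:
        ts = int(timestamp)
    except ValueError:
        return reject("rejected:bad_timestamp")
    # Freshness first: a stale delivery is refused before any crypto is done.
    if abs(now - ts) > REPLAY_WINDOW_SECONDS:
        return reject("rejected:stale")
    expected = hmac.new(
        SHARED_SECRET, signing_input(delivery_id, timestamp, body), hashlib.sha256
    ).hexdigest()
    # Constant-time compare over the raw bytes, before any JSON parsing happens.
    if not hmac.compare_digest(expected, signature):
        return reject("rejected:bad_signature")
    # Only authenticated deliveries enter the replay cache, so an unauthenticated
    # sender cannot fill it with ids the real sender will use later.
    if cache.seen_before(delivery_id, now):
        return reject("rejected:replay")
    record["result"] = "accepted"
    return True, "accepted", record


if __name__ == "__main__":
    cache = ReplayCache(REPLAY_WINDOW_SECONDS)
    body = b'{"event": "invoice.paid", "invoice_id": "inv_42"}'  # constructed payload
    headers = sign_delivery(SHARED_SECRET, "dlv-0001", int(time.time()), body)
    print(verify_webhook(headers, body, cache))
    print(verify_webhook(headers, body, cache))  # same delivery again -> rejected:replay
```

The order of checks matters: freshness and signature are settled before the delivery id is recorded, so only deliveries that were actually authenticated consume replay-cache state, and the log record is filled in on every path, including the rejections.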

## OAuth integration review

* what scopes are requested and why?
* who approved the scope set?
* what happens when the token is revoked or expires?
* can the integration act across tenants or only within one tenant?
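As an added example (not from this page or any named product), the questions above can be turned into two checks: a launch-time review that lists requested scopes outside the approved set, and a runtime policy over an RFC 7662 token introspection response that rejects revoked (inactive), expired, over-scoped, or cross-tenant tokens and names the follow-up action. The approved scope set, the scope strings and the `tenant` claim are constructed assumptions; `active`, `exp` and `scope` are the standard introspection fields.

```python
import time

# Constructed policy values, not from the page: the scope set a review approved
# for this integration. Scope names are illustrative.
APPROVED_SCOPES = {"invoices:read", "webhooks:manage"}

# What the integration does on each rejection reason (assumed policy).
NEXT_ACTION = {
    "expired": "refresh_token",
    "inactive_or_revoked": "disable_integration_and_require_reconsent",
    "unapproved_scopes": "block_and_escalate_to_reviewer",
    "tenant_mismatch": "block_and_alert",
}


def review_scope_request(requested, approved=APPROVED_SCOPES):
    """Launch-time check: which requested scopes go beyond the approved set."""
    return sorted(set(requested) - set(approved))


def evaluate_token(introspection, expected_tenant, approved=APPROVED_SCOPES, now=None):
    """Runtime check on an RFC 7662 introspection response (`active`, `exp`,
    `scope`) plus a `tenant` claim assumed here for illustration.
    Returns (decision, reason)."""
    now = time.time() if now is None else now
    # A revoked token introspects as inactive; it is treated like any other failure.
    if not introspection.get("active", False):
        return "reject", "inactive_or_revoked"
    exp = introspection.get("exp")
    if exp is None or exp <= now:
        return "reject", "expired"
    # `scope` is a space-separated string in the introspection response.
    granted = set(introspection.get("scope", "").split())
    excess = granted - set(approved)
    if excess:
        return "reject", "unapproved_scopes:" + ",".join(sorted(excess))
    # Tenant binding: the token must belong to the tenant that installed the integration.
    if introspection.get("tenant") != expected_tenant:
        return "reject", "tenant_mismatch"
    return "accept", "ok"


def next_action(reason):
    """Map a rejection reason to the documented follow-up."""
    key = reason.split(":", 1)[0]
    return NEXT_ACTION.get(key, "block")


if __name__ == "__main__":
    now = int(time.time())
    # Constructed introspection response for a token still within its lifetime.
    resp = {"active": True, "exp": now + 3600, "scope": "invoices:read", "tenant": "tenant-a"}
    print(evaluate_token(resp, "tenant-a", now=now))
    decision, reason = evaluate_token(dict(resp, active=False), "tenant-a", now=now)
    print(decision, reason, "->", next_action(reason))
    print(review_scope_request(["invoices:read", "users:write"]))
```

Keeping the approved scope set as data, next to the record of who approved it, makes the "who approved the scope set?" question answerable from the repository rather than from memory, and the `NEXT_ACTION` table is where the revocation and expiry behaviour gets written down instead of being discovered in production.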

## Product launch checklist

* data fields shared with the partner clearly documented;
* failure and retry behavior reviewed;
* callback endpoints and secrets rotated without downtime;
* offboarding path and token revocation defined.

## Related pages

* [Service-to-Service Auth, Webhooks, and Event-Driven Security](/architecture-api-crypto-and-identity/index-1/service-to-service-auth-webhooks-and-event-driven-security.md)
* [API Security](/architecture-api-crypto-and-identity/index.md)

***

*Author attribution: Ivan Piskunov, 2026 - Educational and defensive-engineering use.*
