# What login and password are for when creating a webhook


The `login` and `password` fields are needed if the webhook endpoint on your side is protected with Basic Auth. In this case, we use these credentials when sending HTTP requests with events to your endpoint.

## When the fields are needed

Specify `login` and `password` when creating a webhook if your server accepts incoming webhooks only after Basic Auth.

For example, your endpoint may require an authorization header before it accepts an event from Kinescope. Then the login and password from the webhook settings are used to access that endpoint.

## When the fields are not needed

If the endpoint is open for incoming webhooks or uses another verification method, you can leave `login` and `password` empty.

In this case, make sure the endpoint is still protected in a way that works for you: for example, it accepts requests only over HTTPS, validates the request source, or uses custom server-side verification.

## What to keep in mind

`login` and `password` are not credentials for your Kinescope account. They are credentials for your endpoint if it is protected with Basic Auth.

Do not use a personal account or control panel password in these fields. Create separate credentials for the webhook endpoint.

## Related materials

- [Create webhook](https://docs.kinescope.com/api/#v1-webhooks-create-webhook)
- [Webhook types](https://docs.kinescope.com/developer-guides/webhook-types/)