
Verify that Podio is calling my API hooks

So, my first question on this new Podio developers forum. Is there a way to determine if the API hooks which can be called by Podio to an external system are actually from Podio itself?

The hooks I mean are, e.g., item.update and file.change. I could not find this information. Now anyone could 'post' that data to a given URL, which might not always be what you want.

Is there a set of IP addresses from which you can determine that the request is actually coming from Podio?

Kind regards

pluscloud Answered


1 comment


I would not recommend verifying the requests from Podio by looking at the IP address. While the IP addresses of the API servers will probably not change in the foreseeable future, it is a cluster of servers - each with its own IP address - and as we add more servers to that cluster you would need to update your IP check.

Instead you should implement security using a secret key in the URL you supply to Podio, either as a query string or as an actual part of the URL. E.g. you could enter http://myserver.com/myhook?secret=1234 and then check that the secret matches when you get an incoming request from Podio.

Casper Fabricius 0 votes
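
An added example, not part of the original answer and not Podio's code: one way to implement the suggested secret check on the receiving side, covering both URL forms the answer mentions and using a constant-time comparison. The secret value, the `HOOK_PATH` constant and the function names are assumptions made for illustration.

```python
import hmac
from urllib.parse import urlsplit, parse_qs

# Constructed placeholder; in practice load a long random value from config
# and register the hook URL over HTTPS so the secret is not sent in clear text.
HOOK_SECRET = "constructed-example-secret"
HOOK_PATH = "/myhook"  # path taken from the URL in the answer


def _matches(candidate: str) -> bool:
    # Constant-time comparison so response timing does not leak the secret.
    return hmac.compare_digest(candidate.encode(), HOOK_SECRET.encode())


def is_authorized(request_target: str) -> bool:
    """Return True if the request URL carries the shared secret.

    Accepts both forms from the answer:
      /myhook?secret=<value>   (query string)
      /myhook/<value>          (part of the path)
    """
    parts = urlsplit(request_target)
    path = parts.path.rstrip("/")

    if path == HOOK_PATH:
        values = parse_qs(parts.query).get("secret", [])
        # Exactly one secret parameter; missing or repeated ones are rejected.
        return len(values) == 1 and _matches(values[0])

    prefix = HOOK_PATH + "/"
    if path.startswith(prefix):
        segment = path[len(prefix):]
        # The secret must be the final path segment, nothing after it.
        return "/" not in segment and _matches(segment)

    return False
```

A handler would call `is_authorized()` on the incoming request target and answer with 403 before touching the payload when it returns `False`.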