Verify that Podio is calling my API hooks



1 comment

  • Casper Fabricius

    I would not recommend verifying the requests from Podio by looking at the IP address. While  the IP addresses of the API servers will probably not change in a foreseeable future, it is a cluster of servers - each with its own IP address - and as we add more servers to that cluster you would need to update your IP check.

    Instead you should implement security using a secret key in the url you supply to Podio, either as a query string or as an actual part of the URL. E.g. you could enter and then check that the secret matches when you get an incoming request from Podio.

    Comment actions Permalink

Please sign in to leave a comment.

Powered by Zendesk