Verify that Podio is calling my API hooks
Answered
So, my first question on this new Podio developers forum. Is there a way to determine if the API hooks which can be called by Podio to an external system are actually from Podio itself?
The hooks I mean are item.update, file.change e.g. I could not find this information. Now anyone could 'post' that data to a given URL which might not always be what you want.
Is there a set of IP addresses from which you can determine that the request is actually coming from Podio?
Kind regards
-
I would not recommend verifying the requests from Podio by looking at the IP address. While the IP addresses of the API servers will probably not change in a foreseeable future, it is a cluster of servers - each with its own IP address - and as we add more servers to that cluster you would need to update your IP check.
Instead you should implement security using a secret key in the url you supply to Podio, either as a query string or as an actual part of the URL. E.g. you could enter http://myserver.com/myhook?secret=1234 and then check that the secret matches when you get an incoming request from Podio.
Please sign in to leave a comment.
Comments
1 comment