Securing Webhooks

security
webhooks

#1

Hi here !

I’m trying to build a messaging application based on webhook and, in the future, my app will manage more than one twitter application.
So, when u try to reply to the crc, u have a problem ! U don’t know which webhook from which app send you the crc…
To identify the app in the crc, we need an other parameter like app_id or webhook_id !

Do u know if, in your roadmap, u have this ? Or if u have a workarround for this it’s good too :smiley: !

Thanks !!

PS: I don’t speak english very well, so please, excuse me for my grammar and my orthograph !


#3

Hi @freyjow,

If you are going to share webhook URLs between apps, I would recommend adding an identifier (app ID as an example) as a parameter in the route of your URL or as a query string param. This is what many are currently doing.

Example:
https://my-webhook-url/webhooks/twitter/1234
or
https://my-webhook-url/webhooks/twitter?app=1234


#4

HI @joncipriano,

Many thanks ! I don’t know why i didn’t think of that but it’s perfect !