Q&A
webhook security - how do you verify incoming requests?
Oct 19312
using webhook triggers for several workflows and security is a concern. right now anyone who gets our webhook URL could fire the workflow with fake data
what are people doing for webhook security? specifically:
- validating the request comes from the expected source
- checking signatures/HMAC verification
- rate limiting incoming webhook calls
- validating the payload structure before processing
we handle PII in some of these workflows so this isnt just theoretical