I have looked at the Incoming Webhooks and I am quite excited about those. In certain cases, the incoming data is being sent by a third party so we can’t dictate how they authenticate e.g. Instant Payment Notifications. Is there a way to consume these IPNs via a callback URL to Triggre? Can this feature be added? Or is there a way to preconfigure the authentication on the incoming webhooks so this data is then accepted whenever it comes from a particular third party
Just throwing in a suggestion, based on the Exact Online Webhooks.
Exact uses a Webhook Secret, and the Content they sent creates a certain hashcode. The hash outcome is sent along with the Webhook request and all you have to do is compare this with your HMAC SHA256 calculation.
This way, Exact can still make use of a publicly available Webhook, but this authentication system prevents unwanted actions.
Furthermore, the Webhook call is merely a notice to the system (in this case Triggre) that it should do something with certain data.
I did not test this with Triggre yet, but it works in other situations.