I am looking at the integration of webhook, and would like to ask if the http callback of webhook has verification information. I think if my callback url is leaked, because it is open to the Internet, if there is no verification mechanism, there will be some risks. Can anyone help me, thanks
Hello there @ryan1 and welcome to the community!
I hope you like it here
What we use for knowing that an endpoint is legitimate is the challenge as explained here.
The endpoint you use for the webhook is chosen by you and no one will be able to access it from outside your account. The challenge ensures that this is a valid endpoint that returns said challenge to monday.
We do not use other types of validations for this.
If you think other people know about your endpoint because you have shared it somehow, you can always change that endpoint
If you feel that this is a critical issue for you, I would recommend shifting your integration to use monday’s Apps Framework. There are a number of benefits including more robust authorization/validation. And for this specific use case, it’s not super complex.
Thanks for your guidance
I want to integrate with monday sales crm, the modifications made by crm are sent to me through webhook, instead of building the app myself, can this be achieved through app framework?
If you are referring to standard monday webhooks, yes.