Nikolai Chashchin asked

Webhook source validation

Hi Community,

Whenever a webhook notification comes in, I would like to check that the source it is coming from is https://platform.devtest.ringcentral.com. I need it as an extra security measure. Can I rely on the IP address of https://platform.devtest.ringcentral.com for the Sandbox and https://platform.ringcentral.com for the production environment? Can I hardcode these (IPs) in my code?

Thanks!

Best,

Nikolai Chashchin


ringcentral appwebhooks

Phong Vu answered

For security, you don't verify the domain, but you should set the verification secret code and check it in the header. Here is an example:

// Specify the secret token when creating your webhook notification
    ...
    deliveryMode: {
      transportType: "WebHook",
      address: DELIVERY_ADDRESS,
      verificationToken: "ThisIsMySecrettoken",
    },
    ...

// Print the headers upon receiving any inbound webhook message

console.log("HEADERS", req.headers)

// Print:

HEADERS {
  host: 'db41-42-119-224-213.ngrok.io',
  'user-agent': 'RingCentral-WebHook/8.3',
  'content-length': '849',
  accept: 'application/json',
  'accept-encoding': 'UTF-8',
  'content-type': 'application/json; charset=UTF-8',
  'verification-token': 'ThisIsMySecrettoken',
  'x-forwarded-for': '80.81.140.4',
  'x-forwarded-proto': 'https'
}
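
The header check described in the answer above, as an added example that is not part of the original answer: it compares the received `verification-token` header to the configured secret in constant time and rejects deliveries that lack it. The function names and the sample headers are constructed for illustration.

```javascript
// Added example: verify the Verification-Token header in constant time.
const crypto = require("node:crypto");

// Hash both values first so timingSafeEqual always receives equal-length
// buffers; a plain === comparison can leak how many leading bytes matched.
function tokensMatch(received, expected) {
  if (typeof received !== "string" || received.length === 0) return false;
  const a = crypto.createHash("sha256").update(received, "utf8").digest();
  const b = crypto.createHash("sha256").update(expected, "utf8").digest();
  return crypto.timingSafeEqual(a, b);
}

// Decide from the headers whether a delivery may be processed.
// `expected` is the value set as deliveryMode.verificationToken.
function checkWebhook(headers, expected) {
  if (typeof expected !== "string" || expected.length === 0) {
    throw new Error("verification token is not configured"); // fail closed
  }
  // Node lower-cases incoming header names. x-forwarded-for is deliberately
  // ignored: it can be set by the sender and does not authenticate anything.
  if (!tokensMatch(headers["verification-token"], expected)) {
    return { status: 401, reason: "missing or wrong verification token" };
  }
  return { status: 200, reason: "ok" };
}

// Handler for http.createServer() or an Express route (hypothetical wiring).
function handleWebhook(req, res, expected) {
  const verdict = checkWebhook(req.headers, expected);
  res.statusCode = verdict.status;
  res.end();
  return verdict;
}

// Constructed sample input, modelled on the header dump above.
const TOKEN = "ThisIsMySecrettoken";
const GENUINE = {
  "user-agent": "RingCentral-WebHook/8.3",
  "verification-token": TOKEN,
  "x-forwarded-for": "80.81.140.4",
};
// Same user agent and forwarded address, but the token is not known.
const FORGED = { ...GENUINE, "verification-token": "guess" };

console.log(checkWebhook(GENUINE, TOKEN));
console.log(checkWebhook(FORGED, TOKEN));
console.log(checkWebhook({}, TOKEN));
```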

Nikolai Chashchin answered

Hi Phong,

Thanks for the tip.

I'm doing it. But is it possible to also check the IP? Or is it somehow dynamic?

Best,

Nikolai
