Hi Community,
Whenever webhook notification is coming I would like to check that the source it is coming from is https://platform.devtest.ringcentral.com. I need it as a extra security measure. Can I rely on the IP address of https://platform.devtest.ringcentral.com for Sandbox and https://platform.ringcentral.com for production environment? Can I hardcode these (IPs) in my code?
Thanks!
Best,
Nikolai Chashchin
For security, you don't verify the domain, but you should set the verification secret code and check it in the header. Here is an example
// Specify the secret token when creating your webhook notification
...
deliveryMode: {
transportType: "WebHook",
address: DELIVERY_ADDRESS,
verificationToken: "ThisIsMySecrettoken",
},
...
// Print the headers upon receiving inbound any webhook message
console.log("HEADERS", req.headers)
// Print:
HEADERS {
host: 'db41-42-119-224-213.ngrok.io',
'user-agent': 'RingCentral-WebHook/8.3',
'content-length': '849',
accept: 'application/json',
'accept-encoding': 'UTF-8',
'content-type': 'application/json; charset=UTF-8',
'verification-token': 'ThisIsMySecrettoken',
'x-forwarded-for': '80.81.140.4',
'x-forwarded-proto': 'https'
}
Hi Phong,
Thanks for the tip.
I'm doing it. But is it possible to also check the ip? Or is it somehow dynamic?
Best,
Nikolai
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.