For security, you don't verify the domain, but you should set the verification secret code and check it in the header. Here is an example
// Specify the secret token when creating your webhook notification
...
deliveryMode: {
transportType: "WebHook",
address: DELIVERY_ADDRESS,
verificationToken: "ThisIsMySecrettoken",
},
...
// Print the headers upon receiving inbound any webhook message
console.log("HEADERS", req.headers)
// Print:
HEADERS {
host: 'db41-42-119-224-213.ngrok.io',
'user-agent': 'RingCentral-WebHook/8.3',
'content-length': '849',
accept: 'application/json',
'accept-encoding': 'UTF-8',
'content-type': 'application/json; charset=UTF-8',
'verification-token': 'ThisIsMySecrettoken',
'x-forwarded-for': '80.81.140.4',
'x-forwarded-proto': 'https'
}
Hi Phong,
Thanks for the tip.
I'm doing it. But is it possible to also check the ip? Or is it somehow dynamic?
Best,
Nikolai