Webhook verification

Question asked through support

I have been working over pipedrive different entities. Have also configured the proper webhooks. But i was wondering if there is something like verifying webhooks, that we can use to verify our request for example as shopify provides to verify the requests. https://help.shopify.com/api/tutorials/webhooks#verify-webhook

Whereas, in the response of your webhooks there is no such thing of api token etc which we can make use of.

No, at this time Pipedrive doesn’t offer any tokens or digital signatures for the webhooks, but it’s a good suggestion. Thanks for the feedback!

It is absolutely needed @David as it is possible for anyone to spam my webhook and corrupts my data, which could be very painful to eliminate.

Indeed, is it not that hard to find the endpoint as it has often a basic structure (webhook/pipedrive or webhooks/pipedrive), and after that you can easily spam and corrupts other people’s data.

Mailgun does the same and I am pretty sure that it is not hard to implement on your side and it is still non-mandatory for users to verify webhooks.

1 Like