Webhook Authentication

Is it possible to authenticate Webhook requests to ensure that only CM can send data to our service?

For example, here's how Mandrill achieves this:
http://help.mandrill.com/entries/23704122-Authenticating-webhook-requests

Many thanks

terryt terryt, 2 years ago

Hi Phil1,

At this stage we don't support authentication for webhooks. There is an existing feature request, but it's not very highly requested. If you're looking to apply some basic level of security, you can always do some combination of the following:
* Lock the firewall down to our IPs: http://help.campaignmonitor.com/topic.aspx?t=77
* Call back into our API to do a sanity check on any data received (this is unlikely to cause issues unless data is changing extremely rapidly)

You could also implement some combination of the IP and API sanity check. Something like calling our API to verify that a change was made when you receive information from an IP you don't recognize.

I've gone ahead and added this forum thread to the feature request so you'll be notified when this is implemented.


Terry Tice
Campaign Monitor

Join 150,000 companies around the world that use Campaign Monitor to run email marketing campaigns that deliver results for their business.

Get started for free
1-888-533-8098