Is it possible to authenticate Webhook requests to ensure that only CM can send data to our service?
For example, here's how Mandrill achieves this:
At this stage we don't support authentication for webhooks. There is an existing feature request, but it's not very highly requested. If you're looking to apply some basic level of security, you can always do some combination of the following:
* Lock the firewall down to our IPs: http://help.campaignmonitor.com/topic.aspx?t=77
* Call back into our API to do a sanity check on any data received (this is unlikely to cause issues unless data is changing extremely rapidly)
You could also implement some combination of the IP and API sanity check. Something like calling our API to verify that a change was made when you receive information from an IP you don't recognize.
I've gone ahead and added this forum thread to the feature request so you'll be notified when this is implemented.