Best way to secure a webhook? | Community
Lexine_Pishue
New Participant
March 10, 2017
Solved

Best way to secure a webhook?

  • March 10, 2017
  • 1 reply
  • 2999 views

Hi,

I'm currently writing a webhook and want to be conscious of the vulnerabilities that it poses. What are the best practices that Marketo supports for webhooks? Is there a key I can validate against the REST API, or a list of IPs I can whitelist?

Thanks

Lexine


1 reply

SanfordWhiteman (Accepted solution)
New Participant
March 10, 2017

Webhooks are stateless, so you will always be sending credentials with the webhook request.  On the back end, you can pass those creds to some more complex authorizer, but there is always some decrease in performance as a result.

Typically you send a header with the equivalent of an "API key."  It could either be a true API key that authorizes against some gateway service (in-between Marketo and your back end) or it could be HTTP Auth sent in an Authorization: header (processed directly by your back end, against a password file, database, etc.).

Make sure you run https:// on your back end and distribute credentials carefully so they are never shared among apps/clients, allowing credentials to be revoked without side effects.
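One way to implement the receiving-side check the answer describes, as an added example that is not part of the original thread (Python; the header names X-Client-Id / X-Api-Key, the client ids and the keys are assumed, constructed values). It accepts either an API-key header or HTTP Basic auth in the Authorization: header, keeps one revocable credential per calling app, and refuses requests that did not arrive over HTTPS.

```python
import base64
import hashlib
import hmac

# Constructed sample key store: one credential per calling app/client, stored as a
# SHA-256 digest so a leaked store does not expose the raw keys. Revoking a client
# deletes its entry only; no other client is affected.
KEY_STORE = {
    "marketo-prod": hashlib.sha256(b"example-key-prod-0001").hexdigest(),
    "marketo-sandbox": hashlib.sha256(b"example-key-sandbox-0002").hexdigest(),
}

def _lookup(client_id, presented_key):
    """True only if client_id exists and presented_key matches its stored key."""
    stored = KEY_STORE.get(client_id)
    if stored is None:
        return False
    digest = hashlib.sha256(presented_key.encode()).hexdigest()
    # Constant-time comparison so response timing does not leak the key.
    return hmac.compare_digest(digest, stored)

def authorize_webhook(headers, is_https=True):
    """Return (accepted, reason) for an incoming webhook request.

    Accepts either an API-key header pair (X-Client-Id / X-Api-Key) or HTTP
    Basic auth in the Authorization: header. The header names are assumed.
    """
    if not is_https:
        return False, "refuse plaintext: credentials would travel unencrypted"
    h = {k.lower(): v for k, v in headers.items()}
    if "x-api-key" in h and "x-client-id" in h:
        ok = _lookup(h["x-client-id"], h["x-api-key"])
        return ok, ("api-key" if ok else "bad api key")
    auth = h.get("authorization", "")
    if auth.startswith("Basic "):
        try:
            user, _, pw = base64.b64decode(auth[6:]).decode().partition(":")
        except (ValueError, UnicodeDecodeError):
            return False, "malformed Authorization header"
        ok = _lookup(user, pw)
        return ok, ("basic-auth" if ok else "bad basic credentials")
    return False, "no credentials presented"

def basic_header(client_id, key):
    """Build the Authorization: value a calling app would be configured to send."""
    return "Basic " + base64.b64encode(f"{client_id}:{key}".encode()).decode()

def revoke(client_id):
    """Revoke one client's credential without touching the others."""
    return KEY_STORE.pop(client_id, None) is not None
```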

Lexine_Pishue
New Participant
March 10, 2017

Thank you, this was helpful. I've added a key, and confirmed within my org that it is sufficient, security-wise.