by ihsw 4646 days ago
Grooveshark does it as well.

http://developers.grooveshark.com/docs/public_api/v3/

However it depends on a shared secret for generating/verifying signatures, and some companies (cough Stripe cough) have yet to implement that. As someone else has already mentioned, thankfully each webhook request from Stripe has an ID in it so you can query their API for verifying a webhook's authenticity.

1 comment

If it's just a shared secret, why not just make a secret (and complicated) URL for the web hook? It's shared with the deliverer but as long as you're using SSL it should be just as secure.

Speaking of which, the right way to do this is to validate their SSL client certificate, but I doubt many places are easily set up to do that - in fact I would bet the sending endpoint doesn't even use a certificate most of the time.
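The two checks discussed in this thread, side by side, as an added example that is not part of any comment and not code from Grooveshark or Stripe: a shared-secret signature over the request body, and a secret URL. It assumes HMAC-SHA256; the header name, path, secret and payload are constructed for illustration.

```python
import hashlib
import hmac

# All values below are constructed for illustration.
SHARED_SECRET = b"constructed-shared-secret"
URL_TOKEN = "constructed-url-token-7f3a"
HOOK_PATH = "/hooks/" + URL_TOKEN
BODY = b'{"id": "evt_constructed_1", "type": "example.created"}'
SIG_HEADER = "X-Example-Signature"  # hypothetical header name


def sign(secret: bytes, body: bytes) -> str:
    """Sender: hex HMAC-SHA256 tag over the exact raw request body."""
    return hmac.new(secret, body, hashlib.sha256).hexdigest()


def check_signature(secret: bytes, body: bytes, headers: dict) -> bool:
    """Receiver: recompute the tag and compare in constant time."""
    received = headers.get(SIG_HEADER, "")
    expected = sign(secret, body)
    # compare_digest does not reveal how many leading characters matched.
    return hmac.compare_digest(expected.encode(), received.encode())


def check_secret_url(path: str) -> bool:
    """Receiver: the secret-URL variant inspects the path only, never the body."""
    return hmac.compare_digest(path.encode(), HOOK_PATH.encode())


def demo() -> dict:
    sig = {SIG_HEADER: sign(SHARED_SECRET, BODY)}
    altered = BODY.replace(b"created", b"deleted")
    return {
        # The tag is bound to one body; the secret itself is never sent.
        "sig_original_body": check_signature(SHARED_SECRET, BODY, sig),
        "sig_altered_body": check_signature(SHARED_SECRET, altered, sig),
        "sig_missing_header": check_signature(SHARED_SECRET, BODY, {}),
        # The URL token travels in every request and accepts any body.
        "url_correct_token": check_secret_url(HOOK_PATH),
        "url_wrong_token": check_secret_url("/hooks/guess"),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'accepted' if ok else 'rejected'}")
```

The signature must be computed over the raw bytes received, before any JSON parsing or re-serialization, or a legitimate request can fail verification.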