events to come from certain IPs? I have a list of 5 IPs. Can I just check for x-real-ip request header and if it includes then execute code otherwise throw error? Would this work or can it be improved?
That sounds unsafe, what if I just set x-real-ip to one of your whitelisted IPs and make a request?
You mean to say it can be easily manipulated right? What would you suggest then?
usually webhooks are supposed to contain a checksum which can be verified
Yes I have done that. Verifying signature instead of verifying IPs
That should be enough