Simon Trigona Posted August 21 Share Posted August 21 When we receive a webhook request, we need to validate it's a real webhook event and not something fake/malicious. We do this by making a getApiSession https://developer.intacct.com/api/company-console/api-sessions/#get-api-session with the session from the webhook request and comparing the results (that it's a valid session + compare the company from the session to the company on the webhook request). I don't think I see a way to perform the above validation through the new REST api. Is this on the roadmap? Link to comment Share on other sites More sharing options...
Members Sterio, Louis Posted August 26 Members Share Posted August 26 @Simon Trigona We're aware of this use case. I'm collaborating with the API engineering team and architects to add it to the roadmap and ensure it's supported. 1 Link to comment Share on other sites More sharing options...
Recommended Posts