Simon Trigona Posted August 21, 2024 Posted August 21, 2024 When we receive a webhook request, we need to validate it's a real webhook event and not something fake/malicious. We do this by making a getApiSession https://developer.intacct.com/api/company-console/api-sessions/#get-api-session with the session from the webhook request and comparing the results (that it's a valid session + compare the company from the session to the company on the webhook request). I don't think I see a way to perform the above validation through the new REST api. Is this on the roadmap?
Members Sterio, Louis Posted August 26, 2024 Members Posted August 26, 2024 @Simon Trigona We're aware of this use case. I'm collaborating with the API engineering team and architects to add it to the roadmap and ensure it's supported. 1
Recommended Posts