سؤال
I am using mailchimp webhooks which pings a method in one of my controllers of my application. This method is protected using
https://stackoverflow.com/questions/22480895
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russianbefore_action :restrict_access
def restrict_access
authenticate_or_request_with_http_token do |token, options|
token == Crm::Application.config.api_key
end
end
This works perfectly when sending HTTP_AUTHORIZATION=mytoken in the header of the request.
There is no way for me to edit the header of the webhook to include the token. Is there no way to add the token to the url and have authenticate_or_request_with_http_token pick it up?
Thanks.
المحلول
Kind of disappointing, but in their docs they suggest adding a secret key param in the webhook URL you provide. http://apidocs.mailchimp.com/webhooks/ So you could potentially do that, and add that check to your method.
With the Shopify API webhooks, they actually send a specific header for you to check, and in their docs explain on how best to do it, which I think is more correct.
