Securing webhooks?

Securing webhooks?

Hello Zoho,

I am currently working on integrating webhooks in my application so that it gets notified of subscription modifications. The goal is to not have to poll the Zoho API and reduce the usage.

The problem I am facing now is that my customers can easily figure out I'm using zoho services, and could potentially find the webhook URL used. With both information in their hands they can then forge a webhook request to make my application think that a subscription has been renewed.
  1. I could create a hard to predict URL for the webhook, but that's not bulletproof.
  2. I could crosscheck the webhook's payload with an API call, but that would increase my API usage.
  3. I could "resync" by fetching all zoho events at the end of the day everyday, but that would give the user a day's worth of free subscription and he could then redo it everyday.

So I'm think of implementing the first and last possibility, if a resync finds out a user cheated on me, they are marked as cheaters and treated as so, from now on if I receive a webhook for that user I use the second option to make sure I'm not getting cheated again.

This seems like a heavy lifting work for just something that could be done using private tokens... Please, before I start working on all this, could you share how you are handling it? And if the Zoho team could provide me with a "best practice" for handling webhooks, I'd appreciate it much.

    Zoho Desk Resources

    • Desk Community Learning Series


    • Digest


    • Functions


    • Meetups


    • Kbase


    • Resources


    • Glossary


    • Desk Marketplace


    • MVP Corner


    • Word of the Day


      • Sticky Posts

      • Introducing Invoice Consolidation for Offline Subscriptions

        Hello Folks, Glad to announce the feature of Invoice Consolidation for Offline Subscriptions. If you are having multiple subscriptions for your customers, now, you can send a single consolidated invoice for all the Offline Subscriptions that are getting renewed on the same date. Advantage?  Customers will be receiving single invoice instead of multiple invoices upon renewal. Also reduces your efforts in follow-up with your customers for payment collections. For Example: If Customer has Subscription

      • New feature: Create back-dated subscriptions

        Hello from the Zoho Subscriptions team. :)   We’re happy to announce that today marks the launch of a much-awaited feature: creating back-dated subscriptions!   From here on out, whenever you create a new subscription with an activation date that is earlier than the present date, you’ll no longer get an error. Instead, you'll be creating a back-dated subscription. This means that the subscription started at that earlier point in time. The next billing date will be calculated automatically based on

      • Announcement Regarding Notification Emails

        Hello Everyone! This announcement is regarding the admin notification emails which you've been receiving from the email address "support@zohosubscriptions.com". From the 1st of October, 06:00 GMT, the emails with the following subjects will be sent from "no-reply@zohosubscriptions.com". Unable to send invoice for the profile - {profile_name} Unable to process auto payments. If you have set up any filters or workflow in your email account, please add "no-reply@zohosubscriptions.com” and  “support@zohosubscriptions.com”

      • Zoho Subscriptions plugin for WordPress

        Zoho Subscriptions plugin for WordPress allows you to easily embed your plan specific checkout page in an iframe with just a few mouse clicks and without a single line of code. How can WordPress Zoho Subscriptions Plugin boost your productivity? It's now easier to embed Zoho Subscriptions checkout page in your WordPress site. Forget the old method of logging in to Zoho Subscriptions, copying a URL and scripting to make adjustments. All this can be done automatically through this plugin. A great time

      • Indian GST organisation Migration Guide

        With respect to the new GST regime releasing on July 1, 2017in India, Zoho Subscriptions Indian edition is also gearing up to make your business GST Ready. This article focuses on how to get your existing organisation in Zoho Subscriptions to migrate to the new GST regime.    Note:  Any organisation created on or after July 1, 2017 will already be GST ready. You wouldn't have to migrate your organisation. Migrating your existing organisation to support GST To migrate your existing organisation to

      Zoho CRM Plus Resources

        Zoho Books Resources


          Zoho Subscriptions Resources

            Zoho Projects Resources


              Zoho Sprints Resources


                Zoho Orchestly Resources


                  Zoho Creator Resources


                    Zoho WorkDrive Resources



                      Zoho Campaigns Resources

                        Zoho CRM Resources

                        • CRM Community Learning Series

                          CRM Community Learning Series


                        • Tips

                          Tips

                        • Functions

                          Functions

                        • Meetups

                          Meetups

                        • Kbase

                          Kbase

                        • Resources

                          Resources

                        • Digest

                          Digest

                        • CRM Marketplace

                          CRM Marketplace

                        • MVP Corner

                          MVP Corner




                          Zoho Writer Writer

                          Get Started. Write Away!

                          Writer is a powerful online word processor, designed for collaborative work.

                            Zoho CRM コンテンツ




                              ご検討中の方