|
We do not really make any extra security checks on top of HTTPS protocol. We just send a handshake event and check that the server returns the expected value back. However, there is one way to protect API if needed, we can use API key header. Something like:
- the client builds publicly available web-hook endpoint and protects it with API key secret. In most cases "X-API-Key" HTTP header.
- the client shares this with us
- we can use it and deliver with each event from our system
|