Protect route for incoming Bitbucket webhooks #84
Labels
[Component] API
Concerns REST API Endpoints, e.g. for incoming webhooks
[Type] Question
Support requests and other types of questions
Comments
swissspidy
added
[Type] Question
|
Could we adapt API Endpoint to include the secret in the URL? So instead of |
|
Hmm... Something like that is certainly doable, but I don't particularly like it. Especially since I would not want to support this for non-Bitbucket-requests |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Issue Overview
In #70 we discussed how we can better protected the incoming webhook route for Bitbucket requests.
Bitbucket.org doesn't support secrets, so it's not really possible to verify these requests.
Right now we simply let all requests pass, which is not ideal.
What we could do:
Error prone, doesn't help that much.
Poor UX because they don't work out of the box.
Additional context
#70
The text was updated successfully, but these errors were encountered: