Author: | minithings4life | Posted: | Apr 12, 2017 03:35 | Subject: | Re: API Push Notification Signatures | Viewed: | 37 times | Topic: | Suggestions | |
|
| To ensure that the request is coming from Bricklink, just verify that the contents
in POST are the fields that you are expecting from Bricklink. Does it include
a valid Bricklink order number for example.
Then validate each piece of data, to ensure there is no SQL injections, or other
nasties.
|
|
Message is in Reply To: API Push Notification Signatures - ignacioxd (87) | The API currently allows registration of notification URLs that will get POST data once some events are raised (orders, messages, feedback). This is great! However, in [...] (87 months ago, Apr 12, 2017, to Suggestions) |
Message Has 1 Reply: Re: API Push Notification Signatures - ignacioxd (87) | [...] Just because the payload is valid does not mean it comes from BrickLink though. For example, let's say I know that a particular store receives push notifications [...] (87 months ago, Apr 12, 2017, to Suggestions) |
4 Messages in this Thread: Msg 1 - ignacioxd (87) 87 months ago Apr 12, 2017 to Suggestions Msg 2 « - minithings4life (17127) 87 months ago Apr 12, 2017 to Suggestions Msg 3 - ignacioxd (87) 87 months ago Apr 12, 2017 to Suggestions Msg 4 - ignacioxd (87) 87 months ago Apr 16, 2017 to Suggestions
Entire thread on one page This message and all its replies on one page
|
|