Author:  minithings4life  Posted:  Apr 12, 2017 03:35  Subject:  Re: API Push Notification Signatures  Viewed:  37 times  Topic:  Suggestions Cancel Reply	BrickLink ID Card minithings4life (17127) Location:  United Kingdom, England Member Since Contact Type Status Feb 18, 2003 Seller Store: Minithingsforlife
To ensure that the request is coming from Bricklink, just verify that the contents in POST are the fields that you are expecting from Bricklink. Does it include a valid Bricklink order number for example. Then validate each piece of data, to ensure there is no SQL injections, or other nasties.

Message is in Reply To:

API Push Notification Signatures - ignacioxd (87)

The API currently allows registration of notification URLs that will get POST data once some events are raised (orders, messages, feedback). This is great! However, in [...] (87 months ago, Apr 12, 2017, to Suggestions)

Message Has 1 Reply:

Re: API Push Notification Signatures - ignacioxd (87)

[...] Just because the payload is valid does not mean it comes from BrickLink though. For example, let's say I know that a particular store receives push notifications [...] (87 months ago, Apr 12, 2017, to Suggestions)

4 Messages in this Thread:

 Msg 1 - ignacioxd (87) 87 months ago Apr 12, 2017 to Suggestions
 Msg 2 « - minithings4life (17127) 87 months ago Apr 12, 2017 to Suggestions
 Msg 3 - ignacioxd (87) 87 months ago Apr 12, 2017 to Suggestions
 Msg 4 - ignacioxd (87) 87 months ago Apr 16, 2017 to Suggestions