I wanted to make a webhook in order to change the status of a document in my collection. This will trigger other events.
Router.route('/mandrill/invitation_sent', { where: 'server' })
.post(function () {
var response = EJSON.parse(this.request.body.mandrill_events);
Players.update({
"email": {
"$in": _.map(_.where(response, {
event: 'send'
}), function (obj) {
return obj.msg.email;
})
}
}, {
"feed": {
"$push": {
title: "Player invited",
icon: "ios-player-invited"
}
}
})
});
});
However... can't I just post directly to this webhook manually?
>>> import requests
>>> webhook_url = '<url>.com/mandrill/invitation_sent'
>>> payload = { 'mandrill_events': [{ 'event': 'send', 'msg': { 'email': '[email protected]'}}]}
>>> requests.post(webhook_url, data=payload)
<Response [200]>
How do I know the request is coming from a trusted source? Is there some canonical way to make sure that a webhook is receiving data from a trusted source?
Mandrill webhooks do authenticate their requests sent to you. Check out their documentation.