ActiveCampaign Forum

Security in webhooks

How do you verify that a webhook is called by ActiveCampaign and not by some malicious person?

Does active campaign post a token, that can be verified?

+1 for @kraftvaerkas15754591’s question. What is the best approach to securing ActiveCampaign webhooks?

Seems like a good approach is for the vendor to sign the request, as is done by GitHub:

Does ActiveCampaign have this kind of signing, or does it plan to have it in the near future for webhooks?