Currently SpringVerify hits a webhook api when the background check is finished. This works, but anyone can currently call this endpoint without authorization. Theoretically someone could approve their own background check. Can we lock this down?
Technical Details
Investigate options and report to team for approval. Potential solutions:
Description
Currently SpringVerify hits a webhook api when the background check is finished. This works, but anyone can currently call this endpoint without authorization. Theoretically someone could approve their own background check. Can we lock this down?
Technical Details
Dependencies