mattstein / snipcart-craft-plugin

A Craft plugin for browsing Snipcart API information from the Craft control panel.
MIT License
29 stars 5 forks

Authentication #4

Closed pju- closed 8 years ago

pju- commented 8 years ago

Hello, it seems there is no authentication taking place with the "order completed" webhook. Is that right? So anyone sending a faked POST request can mess with the inventory if one were to implement the hook as is?

couellet commented 8 years ago

Webhook requests can be validated this way: http://docs.snipcart.com/configuration/json-crawler#validating-the-request

I don't think it would be very hard to add to the plugin.

mattstein commented 8 years ago

Thanks @pju- and @couellet! I'll get the plugin updated when I can and close this out.

mattstein commented 8 years ago

All set with this update, which includes a bit more cleanup as well. Thanks again for reporting, @pju-, and @couellet for help understanding the validation process.