Hi Otto Team,
We’re using OttoFMS and its Webhook feature in the following context.
A FileMaker server not directly accessible from the internet and a SPA-like React website that requests FMS via Otto.
Access to the Otto console can be filtered via the settings.
However, we are required to open port 443 on the following URLs:
- domain/otto/receiver
- domain/otto/filereceiver
Do you think it’s possible to also have a filter (or a way to add rules) on the Webhook part for better security?
Thank you very much for your work.
If you disable “Auto-register webhooks” at the top of the webhooks page, this will reject any path that is not pre-defined. Is that what you’re looking for?
I may have misread your message, but in case you are making these requests directly from a client-side browser, I would strongly suggest using a proxy layer in between so that no API keys are exposed to the browser (which are required for the use of Webhooks).
Hi Eric,
Yes, i have disabled the “Auto-register webhooks”.
And yes, i am using a client-side browser app so we did the proxy stuff.
Thanks.