With the Cisco Spark API, creating a webhook is a core part of the interaction. The webhook allows the API to notify our applications when an event occurs. This is needed due to the interactive nature of the Cisco Spark Client.
A concern among security professionals was how do we know a webhook is actually from Cisco? A common request was for Cisco to provide a list of IP Addresses the webhook calls orignate from so that they could be whitelisted. However, due to the nature of cloud apps, this becomes very unwieldy if not impossible. Previously, short of obfuscating and/or regularly randomizing the callback url or perhaps dropping some hash in the name field of the webhook, there were few options. To solve this security concern, Cisco recently introduced a method that allows us to authenticate an incoming webhook.Read More »