Skip to main content


We have an app added to Front, and many Front clients can install and start using it. I have set up Application Webhooks for this app. For the app to function properly, our clients need to contact us to set up a corresponding account in our system.
 

As part of the setup process, the user would authorize us through the OAuth flow.
 

When we publish the app, we have a concern that a random user might install the app and, because the app has webhooks enabled, we may start receiving events.
 

In the Front documentation, we have seen the following section in the Webhooks chapter:

“OAuth is required for published apps

If your webhook is part of an app that you are publishing on our App Store, you must add OAuth to the app so that customers can authorize that Front events be sent to your webhook from their instance.”
 

We want to make sure we understand correctly that only those instances which have authorized the app through OAuth will send events via webhook.

Thank you for your assistance.
 

Best regards,
Karthik Vishwambar
 

Hi Karthik,

There should be no risk of unknown users enabling the app.

Your users will need to initiate the OAuth connection from within your application; after that point (when the OAuth connection has been established), data will be able to flow from Front to your Webhook Application.

Reply


Terms & ConditionsCookie settings