Solved

Application Webhooks - Are Only Authorized Users' Events Sent?

  • 12 July 2024
  • 1 reply
  • 42 views


We have an app added to Front, and many Front clients can install and start using it. I have set up Application Webhooks for this app. For the app to function properly, our clients need to contact us to set up a corresponding account in our system.
 

As part of the setup process, the user would authorize us through the OAuth flow.
 

When we publish the app, we have a concern that a random user might install the app and, because the app has webhooks enabled, we may start receiving events.
 

In the Front documentation, we have seen the following section in the Webhooks chapter:

“OAuth is required for published apps

If your webhook is part of an app that you are publishing on our App Store, you must add OAuth to the app so that customers can authorize that Front events be sent to your webhook from their instance.”
 

We want to make sure we understand correctly that only those instances which have authorized the app through OAuth will send events via webhook.

Thank you for your assistance.
 

Best regards,
Karthik Vishwambar
 

1 reply


Hi Karthik,

There should be no risk of unknown users enabling the app.

Your users will need to initiate the OAuth connection from within your application; after that point (when the OAuth connection has been established), data will be able to flow from Front to your Webhook Application.

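A receiver-side check in the spirit of this thread, as an added example that is not part of the original posts or Front's own code: the endpoint authenticates each request and then drops any event whose instance has not completed OAuth and account setup on the app's side. The signature scheme (hex HMAC-SHA256 of the raw body), the `instance_id` payload field, the secret and the instance IDs are assumptions for illustration; take the real header and field names from Front's webhook documentation.

```python
import hashlib
import hmac
import json

# Assumed values: placeholder secret and constructed instance IDs.
APP_SECRET = b"example-app-secret"
AUTHORIZED_INSTANCES = {"inst_acme"}  # filled when OAuth + account setup completes


def sign(body, secret=APP_SECRET):
    """Hex HMAC-SHA256 of the raw body (assumed scheme, not Front's documented one)."""
    return hmac.new(secret, body, hashlib.sha256).hexdigest()


def handle_webhook(body, signature):
    """Return (HTTP status, reason) for one incoming webhook request."""
    # 1. Authenticate the sender over the raw bytes, in constant time.
    if not hmac.compare_digest(sign(body).encode(), signature.encode()):
        return 401, "bad signature"
    # 2. Parse defensively: malformed input is a client error, not a crash.
    try:
        event = json.loads(body)
    except ValueError:
        return 400, "malformed JSON"
    instance = event.get("instance_id") if isinstance(event, dict) else None
    if not isinstance(instance, str):
        return 400, "missing instance_id"
    # 3. Default deny: only instances we onboarded ourselves are processed.
    if instance not in AUTHORIZED_INSTANCES:
        return 403, "instance not authorized"
    return 200, "accepted"


def demo():
    """Run three constructed requests: known, unknown, and wrongly signed."""
    known = json.dumps({"instance_id": "inst_acme", "type": "inbound"}).encode()
    unknown = json.dumps({"instance_id": "inst_random", "type": "inbound"}).encode()
    return [
        handle_webhook(known, sign(known)),
        handle_webhook(unknown, sign(unknown)),
        handle_webhook(known, "0" * 64),
    ]


if __name__ == "__main__":
    for status, reason in demo():
        print(status, reason)
```

Keeping the allowlist on the receiving side means an event is processed only for instances the app has onboarded, independent of how the sending platform gates delivery.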