All URLs are validated through a simple token exchange mechanism so we may trust that you actually control the target server. Note that validation happens right at webhook creation, meaning that we will issue a request to you before successfully registering the webhook. The validation will send a
GET request to your
url with a query string of
check=<random_string>, your webhook server should respond back with the
<random_string> to be validated.
In the above example URL, you should return a HTTP 200 (HTTP 204 is not accepted, even though that is considered a successful response) along side with the string
example. The string will change with each webhook trigger, so it's necessary to have the same string that was returned to our server for validation.
If you use Zapier webhooks instead of your own backend's, validation will be automatic.
In the case that you do not have a server of your own, i.e. using another 3rd party platform, we recommend using services such as AWS Lambda functions. They can return the validation requirements back to our server, and redirect the payload further downstream to your integration platform.