Really looking forward to the pending webhook feature, as the timing is perfect for the automation/integration we need to implement in our solution.
Before I implement, I thought I'd check if anyone has implemented any form of automation, and if they have any advice.
My general approach to allow other systems to perform actions on behalf of users will include:
- borrow from impersonation logic to give systems necessary tokens to make API calls
- implement some form of public/secret auth logic to ensure legitimate machine-to-machine calls
- extend webhook subscriptions with boolean variable AllowAutomation, so only certain subscriptions can automate
Am I missing something obvious, particularly security-wise? Any other suggestions?
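
The checks listed in the post above, sketched as an added example that is not part of the original post or of any framework's own code: an HMAC-signed machine-to-machine request is verified (known key id, fresh timestamp, constant-time signature comparison) and then gated on the subscription's `AllowAutomation` flag. The key ids, secrets, subscription records, the five-minute window and the function names are assumptions constructed for illustration; replay tracking inside the window is not shown.

```python
import hashlib
import hmac
import time

MAX_SKEW_SECONDS = 300  # assumed freshness window for signed requests

# Constructed sample data: key id -> shared secret, subscription id -> settings.
CLIENT_SECRETS = {"billing-system": b"constructed-demo-secret"}
SUBSCRIPTIONS = {
    "sub-1": {"client": "billing-system", "AllowAutomation": True},
    "sub-2": {"client": "billing-system", "AllowAutomation": False},
}


def sign(secret, key_id, timestamp, body):
    """HMAC-SHA256 over key id, timestamp and body, so none can be swapped."""
    message = key_id.encode() + b"\n" + str(timestamp).encode() + b"\n" + body
    return hmac.new(secret, message, hashlib.sha256).hexdigest()


def authorize(key_id, timestamp, signature, body, subscription_id, now=None):
    """Return (allowed, reason) for one machine-to-machine automation call."""
    now = time.time() if now is None else now
    secret = CLIENT_SECRETS.get(key_id)
    if secret is None:
        return False, "unknown key id"
    if abs(now - timestamp) > MAX_SKEW_SECONDS:
        return False, "stale timestamp"
    expected = sign(secret, key_id, timestamp, body)
    # Constant-time comparison avoids leaking how many characters matched.
    if not hmac.compare_digest(expected.encode(), signature.encode()):
        return False, "bad signature"
    sub = SUBSCRIPTIONS.get(subscription_id)
    # The caller may only act through a subscription bound to its own key id.
    if sub is None or sub["client"] != key_id:
        return False, "subscription not owned by caller"
    if not sub["AllowAutomation"]:
        return False, "automation not enabled"
    return True, "ok"
```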