I am very interested to implement WebHook for my current task, however the only problem I am face with is that the backend processing of the recipient is basically exposed to the web . How do you secure the invocation is by the correct source and not abused by hackers ?
I thought of a way to do this but I would like to hear you guys' discussion:
when application register to listen to a specific API , a token is given by the application to the API . When event happened , the token is passed by to the application.
Or do you guys have a better idea to implement in a better and standardised way ? I would like to hear how do you guys solve this problem.