What kind of solutions have you used for authenticating Webhook requests coming to your backend from Marketo? The documentation (http://developers.marketo.com/documentation/webhooks/) totally ignores the subject. This is a bit strange as the documentation describes how to get sensitive user data from an apparently exposed public API. Also, in the forums there are some requests related to using OAuth2 in Webhooks but apparently this feature has not been implemented.
The only idea I can come up with is including a hard coded passphrase in the Webhook's GET or POST request parameters. I guess this is an acceptable solution if the passphrase is long enough and requests are sent over https.
Any comments or ideas?
Solved! Go to Solution.
I asked customer support about the ip ranges and go the following info:
"There is no article I could refer you to in regards to IP Range Enquiry. We actually access a cached version of the application at the nearest location, so this might vary. I will investigate for you and let you know about outcome."
And (I have deleted all the info related to out instance):
As your instance of Marketo is located on our xxx pod in our xxx datacentre, these are the IP addresses you can expect the webhook requests to come from:
These are currently not posted anywhere customer-facing I'm afraid. However feel free to request the list any time you need it."
"As far as I know, these IP addresses have not been changed since they've been introduced a couple of years ago. I don't foresee them changing at all in the future. If there was to be a decision to change them, a customer notification will be sent out to all affected customers."
Thanks again for sharing your experiences,