Secure webhooks/API endpoints

I’d like to be able to add a modicum of security to my Xano API endpoints that are sent webhooks by Noloco. Is there a way to set a custom header, or even a basic app-wide API key (if not, I’ll post it as a feature request as I think it’d be super helpful)? If not, does Noloco have a set range of IP addresses or static IPs from which webhooks are sent so I can validate against these?

Great question Luke!

Unless you can add any auth tokens to the query parameters of your URL, we can’t add headers.

However, you can validate that it comes from our static IPs.

Great shout regarding the query parameters, I’ll check that out in Xano and report back. Otherwise static IPs will do fine, thanks for the link 🙂

OK, so it turns out Xano is pretty smart: if you use variables in the URL, it passes these into the request body. You can then use a precondition function to check the value and return an error message if it doesn’t match. Always learning 😉

Wonderful! Sounds like a much more secure solution
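
The two checks discussed in this thread (a token carried in the webhook URL and checked in a precondition, plus validating the sender's static IPs), sketched in Python as an added example that is not Xano's or Noloco's own code. The parameter name `token`, the secret, the URL and the address range are constructed placeholders, since the real values are not given in the thread.

```python
import hmac
import ipaddress
from urllib.parse import urlsplit, parse_qs

# Constructed placeholders (assumptions): the real shared secret and the
# sender's published static IPs are not on this page. 192.0.2.0/24 is a
# documentation-only range.
EXPECTED_TOKEN = "example-shared-secret"
ALLOWED_SOURCES = [ipaddress.ip_network("192.0.2.0/24")]


def token_ok(url):
    """True only if the URL carries exactly one `token` value that matches."""
    values = parse_qs(urlsplit(url).query).get("token", [])
    if len(values) != 1:  # missing, blank, or repeated parameter
        return False
    # compare_digest avoids leaking how many leading characters matched
    return hmac.compare_digest(values[0].encode(), EXPECTED_TOKEN.encode())


def source_ok(remote_addr):
    """True if the peer address parses and falls inside an allowed network.

    remote_addr must be the real connection peer; a client-supplied
    X-Forwarded-For value is only usable behind a proxy you control.
    """
    try:
        addr = ipaddress.ip_address(remote_addr)
    except ValueError:
        return False
    return any(addr in net for net in ALLOWED_SOURCES)


def check_webhook(url, remote_addr):
    """Return (status, message) the way a precondition would reject a call."""
    if not source_ok(remote_addr):
        return 403, "source address not allowed"
    if not token_ok(url):
        return 401, "invalid or missing token"
    return 200, "ok"


if __name__ == "__main__":
    good = "https://api.example.test/hook?token=example-shared-secret"
    print(check_webhook(good, "192.0.2.10"))
    print(check_webhook(good, "198.51.100.7"))
```

A secret carried in the URL is usually recorded in access and proxy logs, so treat the token as something you can rotate, and keep the IP check alongside it.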