Hi Bubblers!
I have an app and am trying to integrate it with Pipedrive.
The use case is:
- My users will connect their Pipedrive account from my app. I allow users to connect their Pipedrive account with an OAuth2 flow, as requested in the Pipedrive doc. Everything works well.
- I create a webhook in their Pipedrive account by calling a POST endpoint from my Bubble app (server-side) to Pipedrive, authenticating with a Bearer access token. Works well.
- Then my app will receive webhooks from their Pipedrive account to deal with their data. And here is the tricky part, as I’d like to secure the endpoint by authorizing only authenticated calls.
But:
Pipedrive webhooks only support basic HTTP auth.
So if I want to secure the endpoint where I receive webhooks from Pipedrive, I have to provide Pipedrive with http_auth_user / http_auth_password when creating the webhook, as mentioned in their doc.
But you can’t do this from Bubble, as you don’t have access to users' passwords (which is good). Is there anything I am missing? Could someone help with this? How could I do this?
I also tried a workaround by creating a specific password for each of my clients, storing it (with privacy rules, no one can see it), and sending it in an encrypted way when I create the Pipedrive webhook. This way the endpoint would be without authentication, but I would be able to check whether the Authorization header matches one of my client accounts' specific passwords, and not allow any workflow from an attacker.
I can see that it works, and Pipedrive is sending back in the webhook headers the Authorization (containing “Basic user:password”), but it is base64 encoded, and I can’t figure out how to decode it server-side on Bubble. So I can’t do the matching with my database. Any idea?
Any help would be much appreciated.
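
The check described in the post, sketched as an added example that is not part of the original post: it decodes the `Authorization: Basic …` header and matches it against a per-client secret. It is plain Node.js; the client id, secret and function names are constructed for illustration, and how the code is hosted (for example, a server-side action) is left open.

```javascript
// Added example. Usernames, secrets and helper names are constructed for illustration.

// Parse "Basic <base64(user:password)>" (RFC 7617). Returns null if malformed.
function parseBasicAuth(header) {
  if (typeof header !== "string") return null;
  const m = /^Basic\s+([A-Za-z0-9+/]+={0,2})$/i.exec(header.trim());
  if (!m) return null;
  const decoded = Buffer.from(m[1], "base64").toString("utf8");
  const sep = decoded.indexOf(":"); // only the first colon separates; passwords may contain ':'
  if (sep < 0) return null;
  return { user: decoded.slice(0, sep), password: decoded.slice(sep + 1) };
}

// Compare without returning early at the first differing byte.
// (Node's crypto.timingSafeEqual is the library alternative for equal-length buffers.)
function constantTimeEqual(a, b) {
  const x = Buffer.from(a, "utf8");
  const y = Buffer.from(b, "utf8");
  let diff = x.length ^ y.length;
  for (let i = 0; i < x.length; i++) diff |= x[i] ^ y[i % (y.length || 1)];
  return diff === 0;
}

// Returns the matching client id, or null when the request must be rejected.
function verifyWebhook(header, secretsByUser) {
  const creds = parseBasicAuth(header);
  if (!creds) return null;
  const known = secretsByUser.has(creds.user);
  // Unknown users are still compared against a dummy so both paths do similar work.
  const expected = known ? secretsByUser.get(creds.user) : "dummy-value-for-unknown-user";
  const ok = constantTimeEqual(creds.password, expected);
  return known && ok ? creds.user : null;
}

// Constructed sample data: one client whose secret itself contains a colon.
const SECRETS = new Map([["client_42", "k9:constructed-secret"]]);
const SAMPLE_HEADER =
  "Basic " + Buffer.from("client_42:k9:constructed-secret").toString("base64");

console.log(verifyWebhook(SAMPLE_HEADER, SECRETS));
console.log(verifyWebhook("Basic " + Buffer.from("client_42:wrong").toString("base64"), SECRETS));
```

Base64 is an encoding, not encryption, so the header is only protected in transit when the webhook URL is HTTPS.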