Hello,
Hoping someone can point me in the right direction. In short, with the new webhook verification process do we now have a chicken-and-egg situation?
Let me explain…
When we go in to create a Server to Server Application, upon starting the creation process we are provided with the various credentials, including app secret, id and webhook secret.
Now, in order to configure a webhook, we need to use the webhook secret to perform the validation. So we need to ‘store’ this information, or re-write code to use the webhook secret before we can save the application? I’m hoping this makes sense.
Consider a scenario where users create an app with the intention of using the app to connect to a service. They need to save such credentials in the service but can only get these credentials by starting the create app process…
It seems strange that you can’t complete the app-creation process before saving the credentials in whatever service you are using.
Does this make sense? I might not be explaining it properly…
Cheers,
Jon