FlightAware Discussions

RegisterAlertEndpoint Security

Is there any way to secure the RegisterAlertEndpoint callbacks and validated it as a FlightXML call? like some fixed IP or some HTTP Header?

thank you

One method is to call RegisterAlertEndpoint with a URL on your server that contains a parameter with a secret token, and ensure your endpoint is checking that value. For example: https://myserver.example.com/path/handler.cgi?secretkey=abc123

Using https instead of http is also generally recommended.

You can also verify that that remote IP address of the POST is from one of our server IP blocks:

1 Like

Great idea, thanks for the answer