This topic was automatically generated from Slack. You can find the original thread here.
Is this a bot slamming an endpoint, or something gone awry on the Pipedream side? Can an endpoint be restricted to POST only?
Not coming from Pipedream, but definitely seems like someone got access to your webhook URL. If possible, I’d probably delete and recreate the webhook.
You can’t restrict to POST in the webhook config, but you can as a step in your workflow (though you’d be paying for those credits)
Bummer, obv that wouldn’t be any different than just letting the GETs through. Don’t suppose that is on the roadmap to provide method filtering prior to workflow invocation?
In the meantime, I’ll clone the workflow and get a new endpoint.
Thank you for the confirmation.
What you can do though is configure auth on the endpoint. Then Pipedream will just discard any requests that don’t pass your token.
Btw you can do that and or generate a new webhook URL without needing to clone the workflow, but your call.
A hacky way to allow only POST requests is to configure your webhook to emit the request body only, that way it’ll ignore requests that don’t have a body (e.g. GET requests)
But yeah I also think you should rotate the endpoint if possible