Advice on Mailchimp webhooks
I'm starting to build out a Mailchimp (MC) webhook using Supabase Edge Functions, or maybe db Functions.
I'm really just asking here what might be the best approach for this.
I have a multitenant db utilizing RLS based on the user entityId (companyId). Each Entity has multiple clients that I would like to sync to their MC audience (list). The entityId is stored in their JWT, and is checked in the db using an extension in Prisma.
My users connect to Mailchimp using OAuth2 and their own username/password, so the app has an access_token and datacenter (DC) for the user's MC account.
The MC webhooks appear to send listIds, however it doesn't mention anything about how unique this id is. Unique to the MC user? Unique to the DC? Anyway, it seems it might be best to create a webhook for each entity in the app I am building.
So the question at this point: does this seem like the correct way to approach this, a new function for each Entity (MCUser)?
I'm not sure how I secure the function from abuse if the endpoint is found from a man-in-the-middle attack, as the function has no way to know who is calling it with updates.
I assume that the SSL is good enough? The endpoint could be named with a key, and the key and listId could be used as a way to match the Entity (user).
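
One way to carry out the key-plus-listId matching proposed above, as an added example that is not part of the original post: a single endpoint serves every entity, the key in the URL selects the tenant, and the list id in the payload must then match the audience stored for that tenant. The form-encoded body, the `data[list_id]` field name, the path layout and every sample value are assumptions made for this sketch.

```typescript
// Added example. Entity ids, URL keys and list ids below are constructed.
interface WebhookBinding {
  entityId: string; // tenant (company) that registered the webhook
  urlKey: string;   // random per-entity secret placed in the webhook URL
  listId: string;   // Mailchimp audience id stored for that entity
}
interface Resolution { status: number; entityId?: string; eventType?: string }

// Compare without an early exit so timing does not leak the matching prefix.
function constantTimeEqual(a: string, b: string): boolean {
  let diff = a.length ^ b.length;
  for (let i = 0; i < Math.max(a.length, b.length); i++) {
    diff |= a.charCodeAt(i) ^ b.charCodeAt(i); // out-of-range NaN coerces to 0
  }
  return diff === 0;
}

// Minimal application/x-www-form-urlencoded parser (assumed webhook body format).
function parseForm(body: string): Map<string, string> {
  const fields = new Map<string, string>();
  for (const pair of body.split("&")) {
    const eq = pair.indexOf("=");
    if (eq < 1) continue;
    try {
      const dec = (s: string) => decodeURIComponent(s.replace(/\+/g, " "));
      fields.set(dec(pair.slice(0, eq)), dec(pair.slice(eq + 1)));
    } catch (_e) { /* malformed percent-escape: ignore the field */ }
  }
  return fields;
}

// The URL key selects the tenant; the payload's list id must then match that tenant's record.
function resolveWebhook(path: string, body: string, bindings: WebhookBinding[]): Resolution {
  const key = path.split("/").pop() ?? "";
  let match: WebhookBinding | undefined;
  for (const b of bindings) if (constantTimeEqual(b.urlKey, key)) match = b; // no break: scan all
  if (key.length < 32 || !match) return { status: 404 }; // unknown or too-short key
  const form = parseForm(body);
  if (!constantTimeEqual(match.listId, form.get("data[list_id]") ?? "")) {
    return { status: 403 }; // valid key, but the list is not this tenant's
  }
  return { status: 200, entityId: match.entityId, eventType: form.get("type") ?? "" };
}

const SAMPLE_BINDINGS: WebhookBinding[] = [
  { entityId: "entity-a", urlKey: "0123456789abcdef0123456789abcdef", listId: "a1b2c3d4e5" },
  { entityId: "entity-b", urlKey: "fedcba9876543210fedcba9876543210", listId: "f6e7d8c9b0" },
];
const SAMPLE_BODY = "type=subscribe&data%5Blist_id%5D=a1b2c3d4e5&data%5Bemail%5D=client%40example.com";
```

The entityId returned here comes only from the server-side binding, never from the request body, so it can be used to scope the RLS-protected writes for that tenant.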