jabagawee | 7 years ago
> MessageBird sends a couple of extra parameters with each request, including a callID. When a new request comes in, we’ll make an API call to MessageBird, to verify whether this voice call actually happened and if it happened within the last 2 minutes. We also used the query parameters destination and source from the incoming webhook call and matched these against the data from MessageBird. This would make sure that only “real” doorbell calls would trigger Slack notifications.
This approach seems to be reinventing the wheel of validating MessageBird webhook calls. From their docs (https://developers.messagebird.com/docs/voice-calling#handle...):
> Each callback HTTP request is signed with a signature, a base64 encoded HMAC found in the X-MessageBird-Signature HTTP header. To ensure the callback is coming from the MessageBird platform, we strongly advise to validate its signature by calculating the HMAC of the callback and base64 encoding it. Using HMAC-SHA256, the HTTP body is the message and the token of the related webhook resource is the secret. Only handle the webhook if the computed value matches the signature in the HTTP header.
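The check described in the quoted documentation, as an added example that is not part of the original comment and not MessageBird's own code. Only the header name and the HMAC-SHA256/base64 scheme come from the quote; the token, the body and the function names are constructed for illustration.

```python
import base64
import binascii
import hashlib
import hmac

SIGNATURE_HEADER = "X-MessageBird-Signature"  # header name from the quoted docs

# Constructed sample values (assumptions, not real MessageBird data).
SAMPLE_TOKEN = b"constructed-webhook-token"
SAMPLE_BODY = b'{"callID":"constructed-call-id","source":"A","destination":"B"}'


def compute_signature(raw_body: bytes, webhook_token: bytes) -> str:
    """base64(HMAC-SHA256(key=webhook token, msg=raw HTTP body))."""
    mac = hmac.new(webhook_token, raw_body, hashlib.sha256).digest()
    return base64.b64encode(mac).decode("ascii")


def is_authentic(raw_body: bytes, headers: dict, webhook_token: bytes) -> bool:
    """Return True only if the header holds a valid signature for raw_body."""
    # HTTP header names are case-insensitive, so normalise before the lookup.
    lowered = {name.lower(): value for name, value in headers.items()}
    received = lowered.get(SIGNATURE_HEADER.lower())
    if not received:
        return False  # unsigned request: reject instead of falling through
    try:
        # validate=True rejects characters outside the base64 alphabet
        # instead of silently discarding them.
        received_mac = base64.b64decode(received, validate=True)
    except (binascii.Error, ValueError):
        return False
    expected_mac = hmac.new(webhook_token, raw_body, hashlib.sha256).digest()
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(expected_mac, received_mac)


if __name__ == "__main__":
    good = {SIGNATURE_HEADER: compute_signature(SAMPLE_BODY, SAMPLE_TOKEN)}
    print("valid request:  ", is_authentic(SAMPLE_BODY, good, SAMPLE_TOKEN))
    print("tampered body:  ", is_authentic(SAMPLE_BODY + b" ", good, SAMPLE_TOKEN))
    print("missing header: ", is_authentic(SAMPLE_BODY, {}, SAMPLE_TOKEN))
```

Pass the request bytes exactly as received: re-serialising parsed JSON can change the bytes and make a valid signature fail.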