I set up an AWS API Gateway with a webhook and want to accept POST requests from only a Zapier trigger/web request. I've done research on OAuth and authentication (listed below), but I'm new to APIs/webhooks and could use help. Is OAuth appropriate, or would that be over-engineering? If OAuth is appropriate, can someone explain why?
I hard-coded a string key on Zapier (the client) which is checked on the API Gateway (handles the resources), to determine whether or not to accept the request. The only security concern I can see is if someone accessed our Zapier and/or AWS account, thus being able to read our key. In that case though, our security is already compromised. OAuth seems to be for applications which need to share sensitive data with each other - I just want to filter POST requests.
I've done a ton of reading about OAuth, for example:
- Stack Overflow: What is OAuth
- Stack Overflow: OAuth with REST
- Stack Overflow: When to Use OAuth
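
The shared-key check described in the question, written as an API Gateway Lambda REQUEST authorizer (an added example, not part of the original post). The header name `x-webhook-key`, the environment variable `WEBHOOK_SHARED_KEY` and the sample event are assumptions; the key is read from configuration rather than hard-coded, compared in constant time, and the check fails closed when no key is set.

```python
import hmac
import os

# Hypothetical names chosen for this example, not taken from the post.
HEADER_NAME = "x-webhook-key"
ENV_VAR = "WEBHOOK_SHARED_KEY"

# Constructed sample of the event API Gateway passes to a REQUEST authorizer.
SAMPLE_EVENT = {
    "type": "REQUEST",
    "methodArn": "arn:aws:execute-api:us-east-1:123456789012:abc123/prod/POST/webhook",
    "headers": {"X-Webhook-Key": "constructed-sample-key"},
}


def _policy(effect, method_arn):
    """Build the IAM policy document API Gateway expects from an authorizer."""
    return {
        "principalId": "zapier-webhook",
        "policyDocument": {
            "Version": "2012-10-17",
            "Statement": [{
                "Action": "execute-api:Invoke",
                "Effect": effect,
                "Resource": method_arn,
            }],
        },
    }


def handler(event, context=None):
    """Allow the request only if it presents the configured shared key."""
    expected = os.environ.get(ENV_VAR, "")
    # HTTP header names are case-insensitive, so normalise before lookup.
    headers = {k.lower(): v for k, v in (event.get("headers") or {}).items()}
    presented = headers.get(HEADER_NAME) or ""
    # Fail closed when no key is configured; compare in constant time so
    # response timing does not reveal how much of a guess matched.
    ok = bool(expected) and hmac.compare_digest(
        presented.encode(), expected.encode())
    return _policy("Allow" if ok else "Deny", event["methodArn"])
```
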