How Can I Verify the Authenticity of a Connect Card Callback Request?

Question

At the final step of creating a Connect Card, Fivetran redirects me back to my site. How can I verify that the callback request I receive comes from Fivetran?

Environment

Connect Cards

Answer

To verify the authenticity of the callback request, do the following:

1. Ensure the incoming request URL belongs to the fivetran.com domain.
2. Verify that the Location header in the response contains a URL within the fivetran.com domain.
3. We include a token in our response and embed the same token in the redirect URI. Compare the token in the URI with the token in our response, ensuring they match.

For more information, see our example Connect Card response.