Notification callback subscription URL validation

Ashley

Updated

What's happening?

The Bandwidth App is using stricter validation on URLs provided for notification callback subscriptions. 

Currently, Bandwidth App users receive warnings when submitting a URL with an invalid certificate. On March 3, 2025, the warning will be replaced with an error message, and invalid URLs will no longer be allowed.

What do I need to know?

By providing stricter validation around customer-provided URLs for callback subscriptions, Bandwidth is increasing the security between the Bandwidth App and customer applications. This reduces the risk of man-in-the-middle attacks where certificates are faked, allowing malicious actors to intercept data.

What do I need to do?

When creating a notification callback subscription, either via the API or within the Bandwidth App, it’s important to use a secure HTTPS (SSL/TLS secure) URL with a valid certificate (this means it is not self-signed, is not expired, and is from a valid Certificate Authority).

Non-secure HTTP URLs can still be used for backward compatibility, but this is discouraged due to the lack of encryption and security risk to customer applications.

Questions?

Please open a ticket with your Bandwidth Support Team or hit us up at (855) 864-7776! 

Article is closed for comments.