Notification callback subscription URL validation
What's happening?
The Bandwidth App is using stricter validation on URLs provided for notification callback subscriptions.
Currently, Bandwidth App users receive warnings when submitting a URL with an invalid certificate. On March 3, 2025, the warning will be replaced with an error message, and invalid URLs will no longer be allowed.
What do I need to know?
By applying stricter validation to customer-provided URLs for callback subscriptions, Bandwidth is increasing security between the Bandwidth App and customer applications. This reduces the risk of man-in-the-middle attacks, in which malicious actors use faked certificates to intercept data.
What do I need to do?
When creating a notification callback subscription, either via the API or within the Bandwidth App, it’s important to use a secure HTTPS (SSL/TLS) URL with a valid certificate. A valid certificate is one that is not self-signed, is not expired, and is from a valid Certificate Authority.
Non-secure HTTP URLs can still be used for backward compatibility, but this is discouraged due to the lack of encryption and security risk to customer applications.
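A pre-flight check you can run against your own callback URL before submitting it, as an added example (not Bandwidth's code). It assumes that standard TLS verification against the local trust store approximates the three conditions above. The function names and result labels are hypothetical.

```python
import socket
import ssl
import sys
from urllib.parse import urlsplit

# OpenSSL verify codes mapped to the three conditions the article lists.
VERIFY_REASONS = {
    10: "expired",       # X509_V_ERR_CERT_HAS_EXPIRED
    18: "self-signed",   # X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT
    19: "untrusted-ca",  # X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN
    20: "untrusted-ca",  # X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY
}


def reason_for(verify_code):
    """Translate an OpenSSL verify code into a short label."""
    return VERIFY_REASONS.get(verify_code, "other-verification-failure")


def check_callback_url(url, timeout=5.0, connect=socket.create_connection):
    """Return (status, reason) for a callback URL.

    `connect` is injectable so the logic can be exercised without a network.
    """
    parts = urlsplit(url)
    if parts.scheme == "http":
        return ("warn", "plain-http")  # still accepted, but unencrypted
    if parts.scheme != "https" or not parts.hostname:
        return ("fail", "not-an-https-url")
    try:
        port = parts.port or 443
    except ValueError:
        return ("fail", "bad-port")
    # Default context verifies the chain, validity dates and hostname.
    ctx = ssl.create_default_context()
    try:
        with connect((parts.hostname, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=parts.hostname):
                return ("ok", "certificate-valid")
    except ssl.SSLCertVerificationError as exc:
        return ("fail", reason_for(getattr(exc, "verify_code", None)))
    except OSError:
        return ("fail", "connection-or-tls-error")


if __name__ == "__main__":
    for candidate in sys.argv[1:]:
        print(candidate, *check_callback_url(candidate))
```

Run it with one or more URLs as arguments. A `fail` result means the URL is likely to be rejected once the warning becomes an error.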
Questions?
Please open a ticket with your Bandwidth Support Team or hit us up at (855) 864-7776!