A Webflow user can easily install a malicious (or just poorly written) integration that deletes all of the webhooks on their site, thus breaking any other integrations they may have had installed.
First, get all the webhook IDs:
https://developers.webflow.com/#list-webhooks
Then iterate over the list and delete each one:
https://developers.webflow.com/#remove-webhook
Note that as of today I've already seen this being abused.
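A defensive check for the breakage described above, as an added example that is not part of the original post and not Webflow's code: an integration keeps a record of the webhooks it registered and compares it with a list-webhooks response to see which ones were removed or re-created. The field names (`_id`, `triggerType`, `url`), the function names and all sample values are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample data; field names are assumed, not taken from the page.
EXPECTED = [  # what this integration registered and stored locally
    {"_id": "wh-001", "triggerType": "form_submission", "url": "https://hooks.example.test/forms"},
    {"_id": "wh-002", "triggerType": "site_publish", "url": "https://hooks.example.test/publish"},
    {"_id": "wh-003", "triggerType": "ecomm_new_order", "url": "https://hooks.example.test/orders"},
]
LISTED = [  # parsed list-webhooks response for the same site
    {"_id": "wh-001", "triggerType": "form_submission", "url": "https://hooks.example.test/forms"},
    {"_id": "wh-777", "triggerType": "site_publish", "url": "https://HOOKS.example.test/publish/"},
    {"_id": "wh-900", "triggerType": "form_submission", "url": "https://other.example.test/in"},
]


def _key(hook):
    """Identity of a registration that survives re-creation under a new ID."""
    parts = urlsplit(hook["url"])
    path = parts.path.rstrip("/") or "/"
    return (hook["triggerType"], parts.scheme.lower(), parts.netloc.lower(), path, parts.query)


def audit_webhooks(expected, listed):
    """Classify each expected webhook as intact, replaced or missing."""
    live_ids = {h["_id"] for h in listed}
    live_by_key = {}
    for h in listed:
        live_by_key.setdefault(_key(h), h["_id"])

    report = {"intact": [], "replaced": {}, "missing": []}
    for hook in expected:
        if hook["_id"] in live_ids:
            report["intact"].append(hook["_id"])
        elif _key(hook) in live_by_key:
            # Same trigger and target exist under a new ID: update local state.
            report["replaced"][hook["_id"]] = live_by_key[_key(hook)]
        else:
            # Gone entirely: alert and queue this registration for re-creation.
            report["missing"].append({"triggerType": hook["triggerType"], "url": hook["url"]})
    return report


if __name__ == "__main__":
    print(audit_webhooks(EXPECTED, LISTED))
```

Run on a schedule, a non-empty `missing` list is the signal that something on the site removed the integration's webhooks.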
Thanks for the report. Confirmed that webhooks will be covered in our annual security review performed by external reviewers, so with that information, this item is going to be closed. Any flaws or security issues brought up will be dealt with swiftly.
Next time that you suspect a bug or security issue, please report it directly to support@webflow.com. Thanks again.
Webflow webhook has too many security flaws.
1. Should definitely remove the webhook list API so that other integrations cannot see it.
2. Should also have a way to authenticate on the server where the request is being sent to, so that the server knows where the request is coming from and if it's a valid request or not.
Using the webhook listing API, a third-party integration can send invalid data to other webhooks.
What are you proposing as a solution? Disable "list-webhooks"?