We have a custom CRM extension for our contacts that will allow us to show some data from our local CRM in the hubspot contact as detailed on: https://developers.hubspot.com/docs/methods/crm-extensions/crm-extensions-overview
To do this I have created a small webservice that we will host on one of our servers that provides hubspot with the UI json, and an endpoint to call when the action buttons are clicked. This works fine.
We want to be able to restrict access to this webservice so that only requests coming directly from hubspot are accepted. We cant seem to find a proper list of the IPs used by the APIs though? The support guys advised us to restrict by domain, however looking at the requests they all come from aws domains so that wont work
What should we do?/What other things have people done to get around this issue?