https://community.hubspot.com/t5/APIs-Integrations/CRM-Cards-and-Multi-Tenant-SaaS/m-p/802500#M64583 <P>We have a multi-tenant SaaS application and are looking to provide a Card to customers. What is the recommended way of securely adding a Tenant ID to the requests that HubSpot makes to our endpoint?</P><P>&nbsp;</P><P>Current situation:</P><UL><LI>User adds the App to their instance</LI><LI>Card call my app, passing a UserId and UserEmail<UL><LI>This UserEmail MIGHT be associated with more than one Tenant in my app;</LI><LI>and is it not possible that a use can spoof their email in HubSpot (rare, but possible attack vector)</LI></UL></LI></UL><P><STRONG>Ideal is that the callback URL, includes a Tenant / My System ID in a hashed or trusted manner.</STRONG></P><P>&nbsp;</P><P>Suggestions?</P> Fri, 02 Jun 2023 22:04:51 GMT ProVega 2023-06-02T22:04:51Z https://community.hubspot.com/t5/APIs-Integrations/CRM-Cards-and-Multi-Tenant-SaaS/m-p/802500#M64583 <P>We have a multi-tenant SaaS application and are looking to provide a Card to customers. What is the recommended way of securely adding a Tenant ID to the requests that HubSpot makes to our endpoint?</P><P>&nbsp;</P><P>Current situation:</P><UL><LI>User adds the App to their instance</LI><LI>Card call my app, passing a UserId and UserEmail<UL><LI>This UserEmail MIGHT be associated with more than one Tenant in my app;</LI><LI>and is it not possible that a use can spoof their email in HubSpot (rare, but possible attack vector)</LI></UL></LI></UL><P><STRONG>Ideal is that the callback URL, includes a Tenant / My System ID in a hashed or trusted manner.</STRONG></P><P>&nbsp;</P><P>Suggestions?</P> Fri, 02 Jun 2023 22:04:51 GMT https://community.hubspot.com/t5/APIs-Integrations/CRM-Cards-and-Multi-Tenant-SaaS/m-p/802500#M64583 ProVega 2023-06-02T22:04:51Z