How sensitive is the local development Jovo Webhook URI?

dnotes · 2020-10-14 09:07:25 UTC

I’m making some videos of me trying to figure out Jovo, and wondering if there is any reason that I need to blur out the Jovo Webhook URI before publishing. I think probably not, because:

The ID endpoint is just a time-based uuid, and does not contain any information about me, my machine, or anything else.
The ID persists only as long as the Jovo user config stored in ~/.jovo/config, so deleting that file or the id line will reset it, e.g. so that viewers will not be able to spy on my future projects.

Is there something I’m missing? Is there any information stored by webhook.jovo.cloud? Even my IP address for the socket IO usage or something like that?

jan · 2020-10-14 09:07:05 UTC

Hi @dnotes,

First off, thanks for creating videos, looking forward to watching them if you decide to share them publicly

I usually blur out my webhook URL. The Jovo servers don’t store any sensitive data, however others could use that URL to “watch” you test certain voice apps.

Another idea could also be to change the webhook ID in the config file you mentioned just for the time you’re recording the video.

dnotes · 2020-10-14 09:25:14 UTC

Changing for the video certainly makes sense. —They can only “watch” while your local server is running though, right? Is there a use case for keeping the same URL long term, or is it just as well to refresh it every time you spin up the local environment?

jan · 2020-10-14 09:38:42 UTC

Exactly

The only thing that comes to mind is that it could be annoying to change the webhook URL in the Alexa Developer Console etc. every time. Is done with the jovo deploy command though, so no real issue

dnotes · 2020-10-14 16:15:15 UTC

Got it. That makes sense. Thanks so much!