Description:
The system shall ensure that webhook notifications are delivered only to the correct pool that is authorized to receive the data. Notifications must be targeted, not broadcast, based on the origin and ownership of the relevant certificate or contract data.
Use Case:
A contract certificate is created for an EV belonging to a specific OEM. The resulting notification is sent only to the pool that hosts or manages that OEM's data, and not to other pools.
Current Status
This feature is flagged as possible, though further clarification is needed.
Webhook delivery is managed per subscriber, but authorization and routing logic must be clearly defined.
OCPI was mentioned as a potential model for access verification and routing control.
Assessment:
This FR is feasible in principle, but needs clear definition of:
- Routing rules,
- Recipient eligibility, and
- How subscriptions are filtered by entity type (OEM, CPO, etc.).
The current webhook implementation should be reviewed to ensure it includes authorization checks before dispatch. This may also be part of broader security and governance guidance.
Discussion Points
How is the target recipient determined? Based on PCID/EMAID prefix? Role? Previous data exchanges?
Should there be a standardized authorization layer for webhook routing?
How do we validate that the right endpoint received the right message (e.g., with logging, audit trail)?
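An illustrative sketch of the authorization-before-dispatch check and audit trail raised above. It is an added example, not code from this project. The subscriber schema, the event name, the entity-type policy, and the choice of the first three PCID characters as the ownership key are all assumptions made for the illustration, and the identifiers are constructed.

```python
import hashlib
import json

# Constructed subscriber registry (hypothetical schema): each pool declares its
# entity type and the PCID prefixes it owns. None of this is the project's API.
SUBSCRIBERS = [
    {"pool": "pool-oem-a", "entity": "OEM", "pcid_prefixes": {"AAA"}, "events": {"contract.created"}},
    {"pool": "pool-oem-b", "entity": "OEM", "pcid_prefixes": {"BBB"}, "events": {"contract.created"}},
    {"pool": "pool-cpo-c", "entity": "CPO", "pcid_prefixes": set(), "events": {"contract.created"}},
]

# Assumed policy: which entity types are eligible for which event types.
ALLOWED_ENTITIES = {"contract.created": {"OEM"}}


def route(event, subscribers=SUBSCRIBERS):
    """Return (recipients, audit). Deny by default: a pool is a recipient only
    if it is subscribed, its entity type is eligible, and it owns the prefix."""
    owner = event.get("pcid", "")[:3]  # assumption: first 3 chars identify the OEM
    digest = hashlib.sha256(json.dumps(event, sort_keys=True).encode()).hexdigest()
    recipients, audit = [], []
    for sub in subscribers:
        if event.get("type") not in sub["events"]:
            decision = "not_subscribed"
        elif sub["entity"] not in ALLOWED_ENTITIES.get(event["type"], set()):
            decision = "entity_type_not_eligible"
        elif len(owner) < 3 or owner not in sub["pcid_prefixes"]:
            decision = "not_owner"
        else:
            decision = "authorized"
            recipients.append(sub["pool"])
        # One record per subscriber, tied to the payload by its digest, so a
        # reviewer can later show who was sent what and who was refused, and why.
        audit.append({"pool": sub["pool"], "decision": decision, "payload_sha256": digest})
    return recipients, audit


if __name__ == "__main__":
    # Constructed event: a contract certificate created for an EV of "OEM A".
    pools, trail = route({"type": "contract.created", "pcid": "AAA00000000000001"})
    print("dispatch to:", pools)
    for record in trail:
        print(record)
```

The dispatcher would send only to the returned pools and persist the audit records alongside the delivery result for each endpoint.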