I'm currently using SendGrid's Inbound Parse Webhook to feed emails to my application. I've been able to get it working by pointing the URL to an endpoint which my application has exposed. SendGrid just sends the email in the form of a JSON format HTTP POST request to this endpoint and I just process each request internally.
My question is, now that I have it working, how do I ensure that only SendGrid can use this endpoint? At the moment, anyone can utilise this HTTP POST endpoint and pretend that an email has been sent to the application.
Can I get SendGrid to send some sort of unique key to identify themselves? Is there a way I can restrict by ip address?