ruby-on-rails ruby post domain-name

Can I accept POST requests only from a domain name?


I'm implementing a payment method in my application, and the bank site sends back a POST request with information about the payment, like the status, the payment id ...

But to be sure the request is not from someone trying to do bad stuff, can I accept only requests from my bank system? I'm looking for something to check that the request for this action/controller is only from mybank.com and skip others.


Solution

  • You can constrain the route:

    post 'yourpath', to: 'controller#action', constraints: { protocol: 'https://', host: 'yourbank' }
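
An added example, not part of the original answer: in Rails a `host:` route constraint is compared against `request.host`, which comes from the Host header of the incoming request (the name of the server being addressed), so it does not identify who sent the POST. The code below contrasts a simplified model of that check with a sender check. The published IP range, the shared secret and the HMAC-SHA256 signing scheme are assumptions about what the bank offers, and all sample values are constructed.

```ruby
require "ipaddr"
require "openssl"

# Assumptions (not from the original page): the bank publishes its callback
# source ranges and signs the raw body with a shared secret using HMAC-SHA256.
BANK_RANGES = %w[203.0.113.0/24].map { |cidr| IPAddr.new(cidr) } # constructed
BANK_SECRET = "constructed-demo-secret"                          # constructed

# Simplified model of `constraints: { host: ... }`: it compares the Host
# header the client supplied, i.e. the server name that was addressed.
# Nothing in it depends on who opened the connection.
def host_constraint_matches?(host_header, expected_host)
  host_header.to_s.split(":").first == expected_host
end

# Constant-time comparison so the check does not leak how many bytes matched.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Sender check: source address inside the published ranges AND a valid HMAC
# over the exact bytes received (verify before parsing the parameters).
def trusted_callback?(remote_ip:, raw_body:, signature_hex:,
                      ranges: BANK_RANGES, secret: BANK_SECRET)
  ip = IPAddr.new(remote_ip)
  return false unless ranges.any? { |range| range.include?(ip) }
  expected = OpenSSL::HMAC.hexdigest("SHA256", secret, raw_body)
  secure_equal?(expected, signature_hex.to_s.downcase)
rescue IPAddr::Error
  false # unparsable address: reject
end

# Constructed sample callback and its signature.
BODY = "payment_id=42&status=paid"
GOOD_SIG = OpenSSL::HMAC.hexdigest("SHA256", BANK_SECRET, BODY)
```

In a controller the inputs would come from `request.remote_ip` and `request.raw_post`; where the signature travels (header or parameter) depends on the bank's documentation.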