bchavez
commented
6 years ago Hi @mkzcore,
Thank you for your question. Unfortunately, I don't work for Coinbase so I can't answer your question about the IP ranges Coinbase uses. I only build & maintain the unofficial .NET/C# APIs for Coinbase and Coinbase Commerce. I don't have any working relationship with Coinbase.
However, I did find a related issue here: https://github.com/coinbase/coinbase-java/issues/67. You might have better luck asking in their official repos. The only other people I know that could possibly help are @amyin, @maksim-s, @guacamoli, and @barmstrong.
Regardless, you'll want to make sure you use the WebhookHelper.IsValid() method to verify webhook messages from Coinbase. The HMAC signature validation is likely your only reliable and real defense against attackers more so than IP safelists.
If you find an answer to your question, please let me know. I'll be happy to update the README files with IP range information for those that need it.
Hope that helps.
Thanks, Brian
:briefcase: :necktie: "Taking care of business every day... Taking care of business every way..."
blazorin
Hi there
We prepared everything, but we need to have the IP ranges used by coinbase to configure our security settings on the server.
Can you provide a specific IP range or connection IP which is used by this service? Coinbase Commerce Support couldnt send any so far.
Thanks Michael