List of IP's to Whitelist for outbound webhooks.

planningcenter / developers

Planning Center API docs and support

https://developer.planning.center/docs/

84 stars 8 forks source link

List of IP's to Whitelist for outbound webhooks. #1160

Closed dbadmin closed 6 months ago

dbadmin commented 6 months ago

Related Product Which product is this question related to? Webhooks

Describe the question Our system is set to deny all, so we need a list of IPs to whitelist for our system to accept the webooks.

What have you tried that worked? Attempted to log each IP request that was denied.

What have you tried that didn't work? We have found some IPs to whitelist, but not all of them.

mcfadden commented 6 months ago

Hi @dbadmin,

The outbound IP addresses used by webhooks could be from any of the IP ranges that AWS publishes: https://ip-ranges.amazonaws.com/ip-ranges.json That's probably not very useful in practice.

I suggest that rather than using an IP address allow list you use verify the authenticity of the webhooks using the X-PCO-Webhooks-Authenticity header. There is more information on how to verify the Authenticity of webhooks here: https://developer.planning.center/docs/#/overview/webhooks

dbadmin commented 6 months ago

Thank you that was very helpful information.