Closed dbadmin closed 6 months ago
Hi @dbadmin,
The outbound IP addresses used by webhooks could be from any of the IP ranges that AWS publishes: https://ip-ranges.amazonaws.com/ip-ranges.json That's probably not very useful in practice.
I suggest that rather than using an IP address allow list you use verify the authenticity of the webhooks using the X-PCO-Webhooks-Authenticity
header. There is more information on how to verify the Authenticity of webhooks here: https://developer.planning.center/docs/#/overview/webhooks
Thank you that was very helpful information.
Related Product Which product is this question related to? Webhooks
Describe the question Our system is set to deny all, so we need a list of IPs to whitelist for our system to accept the webooks.
What have you tried that worked? Attempted to log each IP request that was denied.
What have you tried that didn't work? We have found some IPs to whitelist, but not all of them.