Ask HN: Standard for webhook source IP declaration?
Is there a standard way to tell customers where your webhooks will be coming from just in case they want to whitelist those IPs?
If there isn't a standard what is the most common way? Docs? Some random URL with IP CIDRs in JSON?
4 comments
[ 6.1 ms ] story [ 20.1 ms ] threadI've seen other companies (e.g. Stripe) also offer it via JSON, but I personally think it's not that important to provide it in a machine readable format if you don't plan on changing it; which you shouldn't as it'll break integrations. You should only add new IPs that can only be allocated to new customers.
P.S, if you'd like to start sending webhooks, you should probably check out Svix: https://www.svix.com
It's not that you should expect to be changing them very often but it's also extremely unlikely someone using your service is going to manually monitor whatever published list you have - whereas a firewall can be set to fetch your list once a day and will therefor get any changes you need to make, automatically.