Webhook IP address spring cleaning
156 views
Skip to first unread message
Evan Broder
May 6, 2014, 1:01:44 AM5/6/14
to api-an...@lists.stripe.com
Hi folks -
We're doing some spring cleaning on the list of webhook IP addresses
in our pool. Going forward, we will *not* be sending webhooks from any
of the following IP addresses:
50.18.189.108
50.18.205.233
50.18.189.113
54.241.152.15
50.18.189.115
54.241.152.28
50.18.189.119
54.241.152.75
54.241.13.36
54.241.30.174
54.241.30.249
54.215.4.225
54.241.23.34
54.241.28.102
54.241.28.103
54.241.25.160
With those IP addresses removed, this is the full list of IP addresses
from which we will send webhooks:
54.241.31.99
54.241.31.102
54.241.34.107
We expect this set of IP addresses to be largely stable. However,
because we occasionally have to adjust this list of IP addresses
without any advance notice, we strongly recommend against using
IP-based access control to protect your webhook endpoints. Instead, we
recommend serving your webhook endpoint over SSL, embedding a secret
identifier in the webhook URL that is only known to you and Stripe,
and/or retrieving the event by ID from our API
(https://stripe.com/docs/api#retrieve_event)
Please let me know if you have any questions!
- Evan
We're doing some spring cleaning on the list of webhook IP addresses
in our pool. Going forward, we will *not* be sending webhooks from any
of the following IP addresses:
50.18.189.108
50.18.205.233
50.18.189.113
54.241.152.15
50.18.189.115
54.241.152.28
50.18.189.119
54.241.152.75
54.241.13.36
54.241.30.174
54.241.30.249
54.215.4.225
54.241.23.34
54.241.28.102
54.241.28.103
54.241.25.160
With those IP addresses removed, this is the full list of IP addresses
from which we will send webhooks:
54.241.31.99
54.241.31.102
54.241.34.107
We expect this set of IP addresses to be largely stable. However,
because we occasionally have to adjust this list of IP addresses
without any advance notice, we strongly recommend against using
IP-based access control to protect your webhook endpoints. Instead, we
recommend serving your webhook endpoint over SSL, embedding a secret
identifier in the webhook URL that is only known to you and Stripe,
and/or retrieving the event by ID from our API
(https://stripe.com/docs/api#retrieve_event)
Please let me know if you have any questions!
- Evan
Evan Broder
May 19, 2014, 2:39:01 PM5/19/14
to api-an...@lists.stripe.com
Hey folks -
I know I said that we expected this list to be stable, but apparently
I was wrong. We have 3 new IP addresses to add to our webhook IP
address list:
54.187.174.169
54.187.205.235
54.187.216.72
Here's the full list with these updates:
54.187.174.169
54.187.205.235
54.187.216.72
54.241.31.99
54.241.31.102
54.241.34.107
I'm sure I've lost my credibility at this point :-P, but I *really*
expect this list to be stable for some time. I don't expect any of
these IP addresses to go into production for some time, but of course,
as a reminder, we occasionally do have to adjust this list of IP
addresses without advance notice, and so we recommend against using
IP-based access control with webhooks.
Thanks!
- Evan
I know I said that we expected this list to be stable, but apparently
I was wrong. We have 3 new IP addresses to add to our webhook IP
address list:
54.187.174.169
54.187.205.235
54.187.216.72
Here's the full list with these updates:
54.187.174.169
54.187.205.235
54.187.216.72
54.241.31.99
54.241.31.102
54.241.34.107
I'm sure I've lost my credibility at this point :-P, but I *really*
expect this list to be stable for some time. I don't expect any of
these IP addresses to go into production for some time, but of course,
as a reminder, we occasionally do have to adjust this list of IP
addresses without advance notice, and so we recommend against using
IP-based access control with webhooks.
Thanks!
- Evan
Reply all
Reply to author
Forward
0 new messages