HACKER Q&A
📣 blamarvt

Standard for webhook source IP declaration?


Is there a standard way to tell customers where your webhooks will be coming from just in case they want to whitelist those IPs?

If there isn't a standard what is the most common way? Docs? Some random URL with IP CIDRs in JSON?

  👤 tasn Accepted Answer ✓
This is what we do at Svix: https://docs.svix.com/receiving/source-ips

I've seen other companies (e.g. Stripe) also offer it via JSON, but I personally think it's not that important to provide it in a machine readable format if you don't plan on changing it; which you shouldn't as it'll break integrations. You should only add new IPs that can only be allocated to new customers.

P.S, if you'd like to start sending webhooks, you should probably check out Svix: https://www.svix.com