Since your webhook endpoint is on the open internet, you should take precautions to protect it from unwanted or malicious traffic. We recommend choosing from the following methods:
Enable TLS to secure your traffic
Whitelist Ocrolus’ public IP addresses
Set up an HTTP Basic Authentication Scheme
Set up a reverse proxy in front of the HTTP server
More information can be found in our secure webhooks guide.
Whitelist of IP Addresses
To ensure that your endpoint does not receive notifications from unauthorized hosts, you can create a whitelist of Ocrolus IPs. Our current IPs for outbound webhook requests are: