Secure Webhook URLs

Protecting your webhook endpoint

Since your webhook endpoint is on the open internet, you must protect the endpoint from unwanted or malicious traffic. Use one or more of the following options to secure your endpoint.

Whitelist of IP addresses

To prevent your endpoint from receiving notifications from unauthorized hosts, create a whitelist of Ocrolus IPs.

Ocrolus IPs for outbound webhook requests:

  • 18.205.30.63
  • 18.208.79.114
  • 18.213.224.210
  • 18.233.250.22
  • 35.173.140.133
  • 35.174.183.80
  • 54.164.238.206

HTTP basic authentication scheme

HTTP basic authentication is another easy way to secure your endpoint.
Once you've completed setup, make sure to include the relevant credentials in the webhook URL registered with the system.

curl -X POST \
    -H "Content-Type: application/json" \
    -H "Authorization: Basic dGVzdDZAb2Nyb2x1cy5jb206dGVzdGluZw==" \
    -d '{"webhook_endpoint" : "https://username:[email protected]/ocrolus/webhook", "event" : "BOOK_VERIFIED"}' \
    https://www.ocrolus.com/api/v1/account/settings/update/webhook_endpoint

Did this page help you?