In the automation I can call external scripts. I want my script to check on the origin of the call (it should only accept calls from Tapeapp automation). I can not find the IP addresses to whitelist.
Is this what you are looking for:
Yes, it should be. But the calls I receive from automation are not from the address mentioned in that post.
Traffic is coming from 126.96.36.199 (also AWS)
May need @Ben for that one then I’m fairly sure that’s the only reference to IP address I’ve seen.
However, this brings be to an info that should be important. As a cloud SaaS provider, due to scalability and availability reasons, we may exchange hardware and server nodes as we go and also add new ones (think about scaling resources, single nodes (even with strong resources) will not be sufficient for the incoming user load forever. We need to be able to add nodes as we go. This is why we do not recommend using IP-whitelisting if you can avoid it.
Just an idea @knobel (which is also inspired by Stripe webhooks that uses a similar pattern): You may want to simply add a secret payload to your request body, or to your headers. It could be a static secret, or a signature that you can verify on your target infrastructure where you receive the request. Would that be practical for you? Let us know.