In the automation I can call external scripts. I want my script to check on the origin of the call (it should only accept calls from Tapeapp automation). I can not find the IP addresses to whitelist.
Is this what you are looking for:
1 Like
Yes, it should be. But the calls I receive from automation are not from the address mentioned in that post.
Traffic is coming from 18.157.160.124 (also AWS)
1 Like
May need @Ben for that one then Iβm fairly sure thatβs the only reference to IP address Iβve seen.
1 Like
Thanks for your question @knobel, and also thanks to @Jason for providing the link, which was heading into the exact right direction. Unfortunately the IP was outdated, we corrected that.
However, this brings be to an info that should be important. As a cloud SaaS provider, due to scalability and availability reasons, we may exchange hardware and server nodes as we go and also add new ones (think about scaling resources, single nodes (even with strong resources) will not be sufficient for the incoming user load forever. We need to be able to add nodes as we go. This is why we do not recommend using IP-whitelisting if you can avoid it.
Just an idea @knobel (which is also inspired by Stripe webhooks that uses a similar pattern): You may want to simply add a secret payload to your request body, or to your headers. It could be a static secret, or a signature that you can verify on your target infrastructure where you receive the request. Would that be practical for you? Let us know.
Cheers
Tim