Does anyone know the IP address block that webhooks from workflows originate from? We would like to lock down access to our endpoint to only the addresses that would need to access it.
It is very suprising that there is no domain or IP list/range that webhooks would originate from. From our perspective, this is a huge security concern. While I appreciate that there are ways to authenticate the request, it makes no sense to have to open up any internal systems to the entire web. Please fix this security issue ASAP.
So we can’t limit connections to our endpoint to only be for requests coming from HubSpot?
Would the requests be originating from hubspot.com or even app.hubspot.com? I am looking for some way to limit connections to a specific set of IPs so that our endpoint isn’t open to the entire world to hammer on. Sure I could put HTTP authentication on it but it would still be open to the world.