IP address block for workflow webhooks


#1

Does anyone know the IP address block that webhooks from workflows originate from? We would like to lock down access to our endpoint to only the addresses that would need to access it.

Thanks.


#2

Hi @js-envisa

We don’t have a list of IPs that would be used for HubSpot services, and any IPs that are currently used today are subject to change at any point.

We do support simple HTTP authentication for webhooks, which you can enable when setting up the webhook in the workflow.


#3

So we can’t limit connections to our endpoint to only be for requests coming from HubSpot?

Would the requests be originating from hubspot.com or even app.hubspot.com? I am looking for some way to limit connections to a specific set of IPs so that our endpoint isn’t open to the entire world to hammer on. Sure I could put HTTP authentication on it but it would still be open to the world.


#4

@js-envisa - Did you ever get a resolution to this?

We also need to do a workflow webhook but don't want to open up the webservice to the www (wild wild west :slight_smile: )

@dadams - Is a list of IPs still unavailable? Would you be able to answer the OP's question of:

So we can’t limit connections to our endpoint to only be for requests coming from HubSpot?

Would the requests be originating from hubspot.com or even app.hubspot.com?

Thanks folks!
Siddall


#5

Bueller...Bueller...Bueller... :rofl: