I'm trying to setup a web server to handle the shopify webhooks about order info and get the product Inventory info with the api.
Just like the example
To be safety,I setup some firewall rules and want to make a whitelist of the IP addresses .
so that only Shopify's server can access our server.
I try to google to find something about the IP range of Shopify, but i got nothing.
Can you help me ?
You shouldn't have to be validating that requests are coming from Shopify on the network level. Our webhook requests come with a calculated HMAC signature to verify that the request in fact came from Shopify:
I know this is an old post, but @Alex, to be blunt that answer is not acceptable. People whitelist for a lot of reasons, only 1 of which might be to verify the request is coming from you. I'm running into this now with our Shopify integration and the biggest reason we want to whitelist is not to verify the shopify connection it is to AVOID ALL OTHER CONNECTIONS! Why expose a service that needs a request from 1 application to the entire world to be attacked and possibly compromised?!?
Can you confirm if Shopify still hasn't fixed this issue? It is pretty standard in the industry, even if that whitelist includes entire class-c ranges, to provide IPs for whitelisting for webhooks. The fact Shopify doesn't take this level of security seriously is very concerning.
Any traction on this? This is a very basic and necessary ask. There must be a CIDR you can provide for whitelisting.
Giving this another boost. It's asinine to completely open a server up to connections from any source if there's only a need to accept Shopify webhooks.
Giving this yet another boost. Like the others have stated, it is ridiculous to not offer an updated IP range to block 99% of the internet from hitting a service that needs to come from a single source.
jI doubt this will be resolved any time soon as it seems requires some infrastructural changes for Shopify backend.
Have you created a collection on your online store and experienced an issue with adding yo...By Ollie Aug 24, 2022