Shopify Flow is an ecommerce automation platform that enables you to automate tasks and processes within your store and across your apps.
I am evaluating Shopify Flow to send the order information to our private inventory server.
Sending JSON data via "Send HTTP Request" action is good, it works fine.
However, I found that the remote IP address was not fixed and changed from time to time.
I want the API access only from limited IP addresses.
Is there any list of fixed IP addresses for the "Send HTTP Request" action?
Hi,
A simple solution will be to add a secret key and a value into the flow HTTP Request header and then your private inventory server app needs to validate that secret key and value before it processes the request.
Thank you Jazz-Jay for your advice.
I understand that the API access should be protected by some kind of secret access key. And actually it is already implemented.
Using API key is an application layer protection.
In addition to it, we want to add a network layer protection on the server.
By filtering IP addresses and ports, our server will be protected at a lower level.
Check this page for a list of IPs. It doesn't change frequently, but you might need to monitor it:
https://egress-ips.shopify.com/
Thank you very much, Paul.
This is the one I was looking for.
👍
Hi Paul,
I checked the list in https://egress-ips.shopify.com/ and current list was here:
{ "last_update": "2021-08-30", "egress_ips": [ "35.232.224.180/32", "35.232.224.180/32", "35.238.98.119/32", "130.211.193.14/32", "35.223.215.165/32", "34.73.222.25/32", "35.243.163.187/32", "35.237.72.31/32", "23.227.62.0/23" ] }
However, I've got the HTTP requests from other IPs not in the list:
Is the list well maintained and up-to-date? I doubt that it's not updated recently.
Could you please check it and update if necessary.
Thanks for your support !!
Hi, it looks like the info provided is not correct. I think those IPs are actually not used. Unfortunately, there isn't a consistent set of IPs used as they are determined dynamically, so what you are trying to do doesn't look possible.
Unfortunately, there isn't a consistent set of IPs used as they are determined dynamically, so what you are trying to do doesn't look possible.
Hi Paul,
Thank you for your update.
Is it possible to provide the IP ranges for the "dynamically" determined one?
It could be helpful for making a whitelist.
Unfortunately no.
Hey Community! As we jump into 2025, we want to give a big shout-out to all of you wh...
By JasonH Jan 7, 2025Hey Community! As the holiday season unfolds, we want to extend heartfelt thanks to a...
By JasonH Dec 6, 2024Dropshipping, a high-growth, $226 billion-dollar industry, remains a highly dynamic bus...
By JasonH Nov 27, 2024