I'm trying to setup a callback server to handle the shopify webhooks I create in my app and need to know the possible list of IP's that Shopify will be calling back from so I can setup some firewall rules. Is that list published anywhere?
So you're telling me that it doesn't matter if I let the entire world into our internal testing web servers? I beg to differ on this point. Usually API callback systems that do calls out to their clients offer a whitelist for security reasons (ie. Salesforce, Zuora, etc). The whitelist is not about authorizing or authenticating the call, it's about not having to expose our web port to just anyone in order to received a callback from a specific company.
We don't guarantee what IPs webhooks will come from, no. The current IP(s) aren't likely to be changed soon / often, but we don't recommend locking to those IPs and we don't currently support doing that, nor do we provide notice if they change.
Have you created a collection on your online store and experienced an issue with adding yo...By Ollie Aug 24, 2022
Connect your PayPal account to allow your customers to checkout using the PayPal gateway a...By Ollie Jul 28, 2022