Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Webhook subscription IP

Bryan Matias
Contributor
July 2, 2020

Hi all,

I have customers who are subscribed to our status page via webhooks. Some of them will monitor individual components of ours and automate switching to backup code in the event of a major outage.

The problem with this is that the endpoint for receiving these webhooks are exposed, so a malicious user could potentially abuse our customer's endpoints.

Is there an IP range for statuspage webhooks that our customers can add to an allowlist?

1 answer

1 accepted

0 votes
Answer accepted
Mark Campbell-Vincent
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
March 16, 2021

Hi @Bryan Matias -

 

Our IP addresses are subject to change at any time, so it's not recommended to allowlist webhooks by IPs for now.

We do have a feature request for implementing security mechanisms in webhook notifications. There currently isn't an ETA on this request, but I will add this community post to the internal ticket and will update you accordingly.

Tomas Mataitis
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
August 12, 2022

Any updates on this?

Like Sajan likes this
Sajan
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
February 26, 2024

same issue here, our webhook endpoints are publically exposed. HMAC implementation is the simplest and good enough I guess, but not sure why it's not implemented yet.

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events