I would not recommend verifying the requests from Podio by looking at the IP address. While the IP addresses of the API servers will probably not change in a foreseeable future, it is a cluster of servers - each with its own IP address - and as we add more servers to that cluster you would need to update your IP check.
Instead you should implement security using a secret key in the url you supply to Podio, either as a query string or as an actual part of the URL. E.g. you could enter http://myserver.com/myhook?secret=1234 and then check that the secret matches when you get an incoming request from Podio.