Post

9 followers Follow
1
Avatar

My firewall is blocking the request to verify a hook!

Hi, It seems as though my firewall blocks the POST request from Podio to verify a webhook. What IP-addresss does Podio use for this?!

Thanks again!

 

Ismail Pelaseyed Answered

Please sign in to leave a comment.

8 comments

-1
Avatar

Well, that would certainly be the cause of your trouble. You cannot use an IP based whitelist for Podio webhook requests. We have multiple API server instances and as we takes servers online and offline their IP addresses change, so you'll need to find a different way to whitelist the requests in your firewall.

All the best,

Andreas 

Andreas Haugstrup Pedersen -1 votes
2
Avatar

Hello,
My company has similar issue.
What is the current status of this issue considering any changes to Podio infrastructure?
Is IP whitelisting still not applicable to Podio webhooks request? Are there any suggestions from Podio developers
how to authenticate Podio webhook requests?

@Nick what were the results after white-listing those IP ranges? Are they working properly?

Paweł Walkiewicz 2 votes
0
Avatar

Hi Andreas,

We have same requirement and need either the IP or the URL of the request to white list in the firewall.

Can you please help with this

Ansar Muhammad (Anz) 0 votes
0
Avatar

Hi Anz,

Unfortunately we cannot offer a fixed set of IP addresses to whitelist against, as our infrastructure is dynamic. I'm not sure what you mean by the URL of the request -- for web hooks you control this yourself.

Best,
Andreas

Andreas Garnæs 0 votes
0
Avatar

Andreas Garnaes,

Is there any way to authenticate podio requests with http basic auth? (username:password). My server is set up in such a way as to only allow access with a username and password for all the different services with which I integrate. Since whitelisting Podio is not an option, is there a way to use basic auth (within the header) or possibly a way to include custom headers in the Podio requests?

Samson Burton 0 votes
0
Avatar

Samson, please try using a hook url like `https://foo:bar@your-domain.com/path`. That should result in a HTTP header like this: `Authorization: Basic Zm9vOmJhcg==` (base64 encoding of "foo:bar").

Andreas Garnæs 0 votes