My firewall is blocking the request to verify a hook!

Answered

Comments

8 comments

  • Andreas Haugstrup Pedersen

    Well, that would certainly be the cause of your trouble. You cannot use an IP based whitelist for Podio webhook requests. We have multiple API server instances and as we takes servers online and offline their IP addresses change, so you'll need to find a different way to whitelist the requests in your firewall.

    All the best,

    Andreas 

    -1
    Comment actions Permalink
  • Nick Daugherty

    I also could use some advice on this. Similar issue.

    0
    Comment actions Permalink
  • Nick Daugherty

    I found this, which gives a list of IP ranges that you can whitelist
    http://citrixonline.com/iprange

    0
    Comment actions Permalink
  • Paweł Walkiewicz

    Hello,
    My company has similar issue.
    What is the current status of this issue considering any changes to Podio infrastructure?
    Is IP whitelisting still not applicable to Podio webhooks request? Are there any suggestions from Podio developers
    how to authenticate Podio webhook requests?

    @Nick what were the results after white-listing those IP ranges? Are they working properly?

    2
    Comment actions Permalink
  • Ansar Muhammad (Anz)

    Hi Andreas,

    We have same requirement and need either the IP or the URL of the request to white list in the firewall.

    Can you please help with this

    0
    Comment actions Permalink
  • Andreas Garnæs

    Hi Anz,

    Unfortunately we cannot offer a fixed set of IP addresses to whitelist against, as our infrastructure is dynamic. I'm not sure what you mean by the URL of the request -- for web hooks you control this yourself.

    Best,
    Andreas

    0
    Comment actions Permalink
  • Samson Burton

    Andreas Garnaes,

    Is there any way to authenticate podio requests with http basic auth? (username:password). My server is set up in such a way as to only allow access with a username and password for all the different services with which I integrate. Since whitelisting Podio is not an option, is there a way to use basic auth (within the header) or possibly a way to include custom headers in the Podio requests?

    0
    Comment actions Permalink
  • Andreas Garnæs

    Samson, please try using a hook url like `https://foo:bar@your-domain.com/path`. That should result in a HTTP header like this: `Authorization: Basic Zm9vOmJhcg==` (base64 encoding of "foo:bar").

    0
    Comment actions Permalink

Please sign in to leave a comment.

Powered by Zendesk