Lindsay Klatzkin Posted April 15 Share Posted April 15 We are sending API calls to an external API via HTTP Post on a Trigger. For security purposes, they requested that we provide them with a list of IP addresses that these requests will be coming from. I could not find this in the old community forum (could only find IPs for emails and DDS). Link to comment Share on other sites More sharing options...
Sterio, Louis Posted April 15 Share Posted April 15 (edited) @Lindsay Klatzkin Relying on IP whitelisting can be problematic as our public IP addresses may change over time due to various network configuration updates or cloud service policies. This change would potentially disrupt the connectivity if the IP addresses were hard-coded into their security settings. Could explore the possibility of using domain names instead of IP addresses for the basis of whitelisting. Using our domain name (e.g., intacct.com) would allow their security systems to perform a reverse DNS lookup to verify requests coming from our servers. This method is generally more robust as it adapts to changes in IP addresses without requiring frequent manual updates. You can also send the sessionid as an argument to your endpoint {!USERPROFILE.SESSIONID!} to validate. Edited April 15 by Sterio, Louis Link to comment Share on other sites More sharing options...
Recommended Posts