Skip to main content
M
Marcos5C0C
Participant
September 23, 2021
Question

Webhooks Security

  • September 23, 2021
  • 1 reply
  • 1048 views

Hi all, I have been read the webhook documentation (https://www.adobe.io/apis/documentcloud/sign/docs.html#!adobedocs/adobe-sign/master/webhooks.md#securing-webhooks) and I know there is the Two-way SSL authentication, but is there another security that client server could do? Some extra security?
Like whitelist the adobe webhook IP's range.
I read that "your webhook URL must not be blocked by a firewall", but if I only open/available the URL for some IP's (adobe IP's) it will avoid the webhook?
Also I see that  "the client URL must be available on the public internet", but the must avaliable for everybody, every IP?  
Is there some reason to use only 2-way SSL?

This topic has been closed for replies.

1 reply

S
Adobe Employee
SimonESATS
Adobe Employee
September 30, 2021

2-way is optional you don't have to use it. It'll be the Adobe Sign server which will pring Post messages to the url, so only the Adobe Sign ip adresses need to be able to access the url.

See also the security section on the link you shared.

M
Marcos5C0CAuthor
Participant
September 30, 2021
So, is It possible to Adobe give the IP`s address range from webhook?
S
Adobe Employee
SimonESATS
Adobe Employee
September 30, 2021

no not that way. 

You can only do this on the url server and allow listing Adobe's IP range.

 

You cannot tell Adobe to just contact your ip range. There you can only use 2-way tsl/ssl

Firefly Community Gallery
Adobe Firefly

Remix with Firefly Community Gallery

Thousands of free creations to fall in love with and remix in Firefly.

Explore now
Terms & ConditionsAccessibility statement
Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices