IP whitelists
On the Customer Settings page, the IP Whitelists tab allows you to secure your Feedback organization by only servicing requests from defined sources. You can define IP Whitelists for two specific access points:
- Add Interaction Webhooks (which are unauthenticated)
- API endpoints
This guide provides an overview of adding IP addresses to one or both of these whitelists.
Adding IP addresses to the whitelists
To add IPs to either list, enter one per line, then click Save Changes. Note that you can use CIDR ranges on a single line, if needed.
- Unauthenticated webhooks: This field applies to your Add Interaction Webhook, if you have generated one. These webhooks do not require authentication, so under normal circumstances we recommend not sharing the URL unless truly needed and regenerating the URL when potentially compromised. Using a whitelist can alleviate some of the risk of these unauthenticated webhooks.
- API: This field applies to all API endpoints. Since the API already requires authentication, whitelists add another layer of security for API functions.