Skip to main content
If your infrastructure supports IP-based access control, you can restrict inbound webhook traffic to only the IP addresses used by iDenfy. This adds a defense-in-depth layer on top of callback signing.

Obtaining iDenfy’s Webhook IP Ranges

iDenfy does not publish its outbound webhook IPs publicly, and they may change over time. To receive the current list, contact iDenfy technical support through the Jira service portal.

Request webhook IPs

Open a ticket with iDenfy technical support to receive the latest IP ranges for webhook traffic.
After whitelisting, keep your support ticket open or request notifications so you are informed if the IP ranges change in the future.

API Requests to iDenfy

iDenfy does not restrict inbound API requests by source IP. You can call the iDenfy API from any IP address as long as you provide valid authentication credentials. No whitelisting is required on the iDenfy side.
1

Contact support

Request the current webhook IP list from iDenfy technical support.
2

Configure your firewall or security group

Allow inbound traffic on your webhook endpoint only from the provided IP addresses.
3

Combine with callback signing

IP whitelisting alone is not a substitute for signature verification. Use both for the strongest security posture.