Hi, I need to manage cors on my app to allow only certain origins on my endpoints. I’m using Dato webhooks to call some of my endpoints. Which origin should be allowed to let these request in?
Thanks!
Hello @felix.proulx
The IP origin for the included webhooks is fully dynamic unfortunately.
If you’d like you can use the custom payloads to setup an authentication system if you’d like
Or, if you do need some webhooks with static IPs, contact us at support@datocms.com as we have some payed packages for that option we can discuss
Hi,
Thanks for the fast answer.
I already use the custom headers for authorization but the client is pretty serious about security and I would like to provide a solution that would take into account the possibility that the token could be stolen and prevent using the endpoint form elsewhere.
I figured the origin domain + the token would we enough but it’s unclear to me what domain should be allowed in cors to let webhooks requests in.