Fluent Commerce Logo
Docs

Webhooks Frequently Asked Questions

Essential knowledge

Intended Audience:

Technical User

Author:

Fluent Commerce

Changed on:

9 July 2026

Overview

This page contains frequently asked questions about Fluent Webhooks. Due to the nature of being a cloud-hosted application, there are some restrictions in place regarding IP Whitelisting and Authentication that frequently come up.

Key points

  • Static IP Whitelisting: Fluent Commerce's cloud setup doesn't allow for static IP whitelisting due to the potential for IP address changes caused by scaling or architectural adjustments, as well as AWS or GCP's own IP address alterations.
  • Authentication Measures: Instead of relying on IP Access Control Lists, Fluent Commerce employs strong authentication measures for webhook requests, including cryptographic signing with a private key and verification using a public key to ensure the request's legitimacy and integrity.
  • IP-Based Restrictions: Implementing IP-based restrictions, such as whitelisting or IP ranges, is not recommended due to the dynamic nature of IP addresses in the cloud setup, which can lead to high exposure levels and difficulty in implementation.
  • Alternative Approaches for Access Control: Instead of IP-based restrictions, companies can utilize firewall/networking equipment or reverse proxies to restrict access based on incoming HTTP request details, or configure unique, specific static URLs for incoming traffic to filter and accept connections securely.

About

Fluent Commerce doesn't support static IP whitelisting due to the dynamic nature of cloud-hosted architecture. Instead, robust authentication measures are in place for webhook security, including cryptographic signing and signature verification. While static IPs aren't recommended, securing webhook endpoints is achievable by configuring unique URLs and firewall rules. Additionally, setting up custom authorizers or message queue validation enhances security. Each webhook establishes a single connection, with inbound and outbound calls dependent on workflow events. For detailed guidance, refer to Fluent's 'Webhook overview' documentation.

Frequently Asked Questions