Webhooks Frequently Asked Questions
Essential knowledge
Intended Audience:
Technical User
Author:
Fluent Commerce
Changed on:
9 July 2026
Overview
This page contains frequently asked questions about Fluent Webhooks. Due to the nature of being a cloud-hosted application, there are some restrictions in place regarding IP Whitelisting and Authentication that frequently come up.Key points
- Static IP Whitelisting: Fluent Commerce's cloud setup doesn't allow for static IP whitelisting due to the potential for IP address changes caused by scaling or architectural adjustments, as well as AWS or GCP's own IP address alterations.
- Authentication Measures: Instead of relying on IP Access Control Lists, Fluent Commerce employs strong authentication measures for webhook requests, including cryptographic signing with a private key and verification using a public key to ensure the request's legitimacy and integrity.
- IP-Based Restrictions: Implementing IP-based restrictions, such as whitelisting or IP ranges, is not recommended due to the dynamic nature of IP addresses in the cloud setup, which can lead to high exposure levels and difficulty in implementation.
- Alternative Approaches for Access Control: Instead of IP-based restrictions, companies can utilize firewall/networking equipment or reverse proxies to restrict access based on incoming HTTP request details, or configure unique, specific static URLs for incoming traffic to filter and accept connections securely.