1

I am integrating with DocuSign and for callback I am using IP Whitelisting mechanism.

DocuSign often sends callback from an IP address that is not whitelisted in my application.

In such cases, callback fails.

I am not sure how to handle this situation. Doe docusign has an API that I can hit to come to know the latest IP address which needs to be whitelisted?

Or any automated notification mechanism we can use to find out in advance that any new IP ranges/addresses are being introduced by DocuSign and can make my application ready for the same.

TylerH
  • 20,799
  • 66
  • 75
  • 101
user1430372
  • 41
  • 4
  • Sounds like you should not use whitelisting on your side. Did you ask DocuSign for help? Also, is this problem even related to programming itself? – Nico Haase Feb 23 '23 at 13:13

1 Answers1

0

This page lists the DocuSign IP ranges. They're updated every so often (no set schedule)

If you receive a webhook from DocuSign that's not in one of the ranges, then it is a bug and should be reported to DocuSign developer support.

Better than IP allow-listing, we recommend using either basic or oauth to protect your listener. I suggest that you also use hmac signatures for additional message validation

TylerH
  • 20,799
  • 66
  • 75
  • 101
Larry K
  • 47,808
  • 15
  • 87
  • 140