molar0020 | Stripe Developers | Page 1

frank walrusBOT Nov 3, 2023, 11:32 AM

#

foggy jewel Nov 3, 2023, 11:33 AM

#

👋 happy to help

#

we don't really recommend doing this

#

if you use the Strive Signature verification this can be enough evidence for you that the event is coming from Stripe

tawny comet Nov 3, 2023, 11:37 AM

#

In order to verify the signature, I will have to check each request, and in the case of a DDOS attack, it could be a bit problematic. Applying an IP restriction can help mitigate this issue. Of course, this is in addition to checking the signature. From your response, I understand that we cannot rely on this list, correct?

foggy jewel Nov 3, 2023, 11:42 AM

#

you have the list https://stripe.com/docs/ips#webhook-notifications

Domains and IP addresses

Ensure your integration is always communicating with Stripe.

#

and on https://stripe.com/files/ips/ips_webhooks.json

#

but it's really up to you to decide if you want to do that, because this means, as you said it, you have to maintain it periodically

tawny comet Nov 3, 2023, 11:45 AM

#

I appreciate your assistance!

#molar0020