Notifications: Allowed URLs for Webhooks
Tatum restricts URLs used for webhook notifications to ensure security and reliability.
Accepted URLs
URLs used to receive Tatum webhook notifications must meet these criteria:
- Use a public domain registered under an allowed public top-level domain (TLD).
(Example:https://example.com/webhook)
Note
Verify allowed TLDs against the Public Suffix List.
Blocked URLs
Tatum blocks webhook notifications to the following:
-
Domains using private or internal TLDs
(Examples:.internal,.local,.test) -
URLs resolving to private IP addresses (localhost, link-local, or private network addresses).
(Examples:http://localhost:8080,http://192.168.1.1) -
URLs resolving to these reserved IP address ranges:
| Address Type | IP Range |
|---|---|
| IPv4 Limited Broadcast | 255.255.255.255/32 |
| IPv4 Multicast | 224.0.0.0/4 |
| IPv6 Multicast | ff00::/8 |
Note
Verify the list of private IP address ranges used by Tatum in the standard Node IP package documentation.
Recommended Practices
- Use domains with publicly accessible DNS records.
- Verify your domain resolves to a public IP address.
- Regularly monitor webhook delivery status from the Tatum Dashboard.
Updated 7 months ago