Notifications: Allowed URLs for Webhooks
Tatum restricts URLs used for webhook notifications to ensure security and reliability.
Accepted URLs
URLs used to receive Tatum webhook notifications must meet these criteria:
- Use a public domain registered under an allowed public top-level domain (TLD).
(Example:https://example.com/webhook
)
Note
Verify allowed TLDs against the Public Suffix List.
Blocked URLs
Tatum blocks webhook notifications to the following:
-
Domains using private or internal TLDs
(Examples:.internal
,.local
,.test
) -
URLs resolving to private IP addresses (localhost, link-local, or private network addresses).
(Examples:http://localhost:8080
,http://192.168.1.1
) -
URLs resolving to these reserved IP address ranges:
Address Type | IP Range |
---|---|
IPv4 Limited Broadcast | 255.255.255.255/32 |
IPv4 Multicast | 224.0.0.0/4 |
IPv6 Multicast | ff00::/8 |
Note
Verify the list of private IP address ranges used by Tatum in the standard Node IP package documentation.
Recommended Practices
- Use domains with publicly accessible DNS records.
- Verify your domain resolves to a public IP address.
- Regularly monitor webhook delivery status from the Tatum Dashboard.
Updated 1 day ago