I have custom software that receives the data in a route from Notehub. To improve the security I would like to add firewall rules that would only allow traffic from Notehub, do you have a list of your public IP addresses for this purpose? I did look, but couldn’t find anything.
Currently, we can’t provide a definitive list of IPs or IP ranges for our outgoing routed events. Our IP addresses change from time-to-time given our scalable architecture that is hosted in multiple data centers.
We do understand that some customers want to use IP whitelisting as part of their authentication strategy. Thus we are considering providing an endpoint that returns the currently active list of IP addresses.
IP whitelisting is vulnerable to man-in-the-middle attacks and spoofing.
Given that, I strongly recommend that you use HTTPS/TLS encryption plus token or HTTP BasicAuth authentication whether or not you’re able to take advantage of IP whitelisting.
It would be good if you could provide an endpoint. I already have string encryption and authentication on the data, I mainly wanted to cut down on the constant scanning.
I totally get that.
It’s definitely on our list of requested features. We hope to make it available in the coming quarter.