Webhook security
Webhook authentication
Each webhook you create is associated with an authentication token, which can
be found in the webhook settings. This token is included in all requests made
by that webhook, and can be used to authenticate that the webhook originated
from your Truework account. You should check the X-Truework-Token header
included with each webhook request and reject any request whose token does not
match the corresponding webhook token.
Webhook source IP addresses
If your environment requires external traffic sources to be allowlisted in a firewall or other network access control device, you can allowlist the IP addresses below to further ensure that webhooks you receive are originating from Truework.
These addresses are subject to change. Truework will make a best effort to communicate changes to these addresses ahead of time.