Allowlisting Saleor IP Addresses
Depending on your security requirements, including Saleor’s IP addresses to your firewall’s allowlist for receiving webhook events may be necessary.
To ensure reliable communication with our system, we recommend that you do not hardcode a list of Saleor IP addresses in your system. Instead, you must use the following DNS names:
out.eu.saleor.cloud– for the EU region
out.us.saleor.cloud– for the US region
These DNS names resolve to a list of IP addresses. We strongly advise utilizing domain allowlisting if your firewall supports it. Alternatively, you can resolve the DNS records and cache the IP addresses for a brief duration, typically around 1 hour.
Even when you periodically resolve the DNS records and cache the IP addresses, there's still a potential risk of these addresses changing between cache refreshes. This could lead to your system blocking Saleor's webhook events.
Resolving DNS Records
To resolve the DNS records, you can use the
dig command-line tool. For example, to resolve the DNS records for the EU region, run the following command:
dig a +short out.eu.saleor.cloud
In Node.js the same can be achieved using the
import DNS from "node:dns/promises";
const ips = await DNS.resolve("out.eu.saleor.cloud");
Most programming languages offer similar solutions for resolving DNS records. To find suitable options within your preferred programming language, refer to the documentation of that specific language.