Saleor IP Addresses

Allowlisting Saleor IP Addresses

Depending on your security requirements, including Saleor’s IP addresses to your firewall’s allowlist for receiving webhook events may be necessary.

To ensure reliable communication with our system, we recommend that you do not hardcode a list of Saleor IP addresses in your system. Instead, you must use the following DNS names:

• out.eu.saleor.cloud – for the EU region
• out.us.saleor.cloud – for the US region

These DNS names resolve to a list of IP addresses. We strongly advise utilizing domain allowlisting if your firewall supports it. Alternatively, you can resolve the DNS records and cache the IP addresses for a brief duration, typically around 1 hour.

caution

Even when you periodically resolve the DNS records and cache the IP addresses, there's still a potential risk of these addresses changing between cache refreshes. This could lead to your system blocking Saleor's webhook events.

Resolving DNS Records

To resolve the DNS records, you can use the dig command-line tool. For example, to resolve the DNS records for the EU region, run the following command:

dig a +short out.eu.saleor.cloud

In Node.js the same can be achieved using the dns module:

import DNS from "node:dns/promises";

const ips = await DNS.resolve("out.eu.saleor.cloud");
console.log(ips);

Most programming languages offer similar solutions for resolving DNS records. To find suitable options within your preferred programming language, refer to the documentation of that specific language.