I am creating a chatbot on Facebook Messenger. I have configured a webhook which is working fine. Is there a way to get the list of source IPs to whitelist on my firewall? My security team is not comfortable in opening the webhook to the entire internet.
We do plan to use the X-Hub HMAC validation, however restricting the source IP to a a finite number of IP or IP ranges or Domain would keep the security guys off me.
Facebook publish their list of IP addresses via an endpoint that can be queried like this:
whois -h whois.radb.net -- '-i origin AS32934' | grep ^route  
Note however that their IP addresses change frequently, so you'll need to integrate the API with your firewall.
More info is available on Facebook's site: https://developers.facebook.com/docs/graph-api/webhooks#access
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With