Setting up your webhook means that it is available on the internet. You want to make sure to verify and make sure that only requests coming from us can pass through into your systems and avoid dangerous actors.
1. IP Whitelisting
IP Whitelisting means you set up your application to only listen for events coming from predefined IPs. This blocks out any other request coming from other IPs, blocking bad actors before hitting your application at all.
Yangaplug only sends webhook events via these IP addresses:
- 64.225.29.23 (Sandbox)
Please note that these IP addresses are subject to change. In the event of a change, we will inform you accordingly.
2. Signature Header Verification
Requests from our systems are always signed with signature; you can verify this request headers hitting your endpoint.
3. Listen for events
Build an HTTP handler that listens for events coming from Yangaplug
const express = require('express');
const app = express();
app.post('/webhooks/yangaplug', express.json({type: 'application/json'}), (request, response) => {
const event = request.body;
console.log(event)
response.json({success: true});
});
Helpful Tip
If a webhook fails after all attempt from us, you can access your Webhook Logs in your Developer settings, and view a list of all failed webhooks.
You can then manually retry it or click to see more information about the event payload.