FAQ

Do Webhooks support custom Authorisation mechanisms?

No, the Webhook system does not support any Authorisation mechanisms other than Signature validation (for more information, see the Security section).

This includes, but is not limited to:

Custom Bearer tokens
A custom Authorization header
Custom API keys
Custom payload structure

What IP addresses should we expect Webhooks to be sent from (for allowlisting senders)?

Signature validation is the main mechanism for preventing your external systems receiving Webhook events from bad actors (for more information, see the Security section).

With signature validation, you can be sure that the sender knows the Secret which was chosen set during setup, and that the contents of the Webhook event has not been intercepted and tampered with once leaving the Mention Me platform.

However, we can provide you a series of IP address ranges to expect Webhook requests from. Though, it is worth noting that, at any time, Mention Me reserves the right to change these IP address ranges without notice.

Just reach out to our support team and they'll be able to provide the up-to-date IP address ranges.