What is your IP address?

softwareghlmarketplace appswebhooks

by Sergio Leon

Image credit: Christoph Scholz

Image credit: Christoph Scholz

This one's not very common, but every now and then someone will post in the Dev Council saying their customer or prospect is asking what their IP address is. Most of the time it's lead gen agencies that have a need to post data to their customers' servers, that need to get their IP addresses allow-listed.

The answer is simple: all of them 🤣.

In all seriousness, HighLevel don't publicize any specific IP addresses webhooks may come from. The safest bet to appease an inquiring customer would be to explain that you are Cloud-Native, which means "your servers" use hosted on a mix of AWS and Google Cloud infrastructure and that there is no unique IP address you're bound to. Cloud-hosted servers use ephemeral IP addresses that change frequently. This affords you the benefit of fluidity, as your software workloads are free to move between physical servers while keeping the service up and running.

But I gotta give 'em something!

Fine. If you must, you can give them the following IP ranges:

WARNING: These IP ranges are the ones published by AWS and GCP as of January 12th, 2024. These ranges are subject to change at any time, without notice. If you use them, you do so at your own risk.

AWS

AWS publishes its current IP address ranges in JSON format. With this information, you can identify traffic from AWS. You can also use this information to allow or deny traffic to or from some AWS services. You can download the current list of IP ranges in JSON format from the following URL: https://ip-ranges.amazonaws.com/ip-ranges.json.

See AWS IP address ranges for more details.

Google Cloud

In Google Cloud Platform, each region has its own set of external IP addresses for use by zonal or regional resources. You can obtain the list of IP ranges used by Google Cloud Platform by downloading the JSON file from https://www.gstatic.com/ipranges/cloud.json.

See IP addresses on GCP's Docs for more details.

Ok that was a lot of addresses, is there no other way?

If your customer won't open up their firewall to the entirety of AWS and GCP (I wouldn't blame them, to be honest), you next best option would be to run a webhooks server that can receive the requests from HighLevel and then forward them to your customer's server. This way, you can give them a single IP address to allow-list, and you can also add some security measures to your webhooks server, like authentication and rate limiting.

Honestly, this is the better option, albeit being a bit more involved. It's not that hard to set up, and it's a good way to add some security to your webhooks server. If the idea of running your own servevr does not scare you you might want to look into running your own instance of N8N, which is an open-source alternative to Zapier. It's a great tool, and it's free to use. You can run it on your own server, and it has a built-in webhook server that you can use to receive webhooks from HighLevel and then forward them to your customer's server.

Feeback welcome!

As always, I'd love to her from you. Reach out to me on the Dev Council Slack Channel or on Twitter @cbnsndwch. I'm happy to help!