Recent Searches

    Popular Articles

      Articles
      View all
        Topics
        View all
          Tickets
          View all
            no results

            Sorry! nothing found for

            Notifications - Tatum IPs, WAF and HMAC

            Modified on Mon, 16 Oct 2023 at 01:33 PM

            Tatum supports HMAC webhook digest for those that want to verify their origin. 

            With HMAC, each notification fired by Tatum has within the HTTP header a digest in the x-payload-hash field, which users can reconstruct on their end. More information is available at the following link.


            Alternatively, although not recommended, you can whitelist Tatum IPs in your Web Application Firewall (WAF). Tatum IP ranges are available in the following file: tatum.io/ips.json


            HMAC Advantages

            • You can trust the webhook content wasn't changed by a "Man-in-the-middle", otherwise, the digest will not match
            • You can trust that only Tatum could calculate the hash, hence you can trust the request was fired by Tatum and not an attacker


            Using HMAC is a much more reliable approach compared to IPs whitelisting.

            Was this article helpful?

            That’s Great!

            Thank you for your feedback

            Sorry! We couldn't be helpful

            Thank you for your feedback

            Let us know how can we improve this article!

            Select atleast one of the reasons
            CAPTCHA verification is required.

            Feedback sent

            We appreciate your effort and will try to fix the article

            Preview
            0 of 0