No fixed IP addresses for postback messages

Scheduled Maintenance Report for Signhost Verified Signing

Completed

This message has been closed.
Posted Mar 22, 2021 - 17:56 CET

Update

##Update
Adding postback security headers and static postback urls is now operational and can be accessed in the web portal.
See this page for explanation of this new feature:
https://intercom.help/evidos/en/articles/4739431-postback-header-security

We start using variable IPs in the following months, and will update you through this channel. When using postback security headers you can be sure to safely migrate away from whitelisting our IP, which is and was unsupported.
##Update
Posted Mar 01, 2021 - 00:00 CET

Scheduled

##Update
Adding postback security headers and static postback urls is now operational and can be accessed in the web portal.
See this page for explanation of this new feature:
https://intercom.help/evidos/en/articles/4739431-postback-header-security

We start using variable IPs in the following months, and will update you through this channel. When using postback security headers you can be sure to safely migrate away from whitelisting our IP, which is and was unsupported.
##Update


For our API implementations our customers are using postbacks to proactively process the transaction status.

We never recommended nor supported to perform IP address whitelisting for security, but some customers might use this method.
From end of February we will move our postback services and introduce flexible IP's. So any customer that still has this IP whitelisting configured , this is NOT POSSIBLE anymore from the end of February. Customers can use the checksum method.

Because we want to improve our security all the time we will introduce a new possibility to validate if the postback messages are coming from our environment. We will make it possible to configure security authorization headers in Q1.

See the full message and explanation of the new feature here.
here https://intercom.help/evidos/nl/articles/4739431-postback-header-security
Posted Dec 21, 2020 - 18:43 CET
This scheduled maintenance affected: API.