Adding postback security headers and static postback urls is now operational and can be accessed in the web portal.
See this page for explanation of this new feature:https://intercom.help/evidos/en/articles/4739431-postback-header-security
We start using variable IPs in the following months, and will update you through this channel. When using postback security headers you can be sure to safely migrate away from whitelisting our IP, which is and was unsupported.
For our API implementations our customers are using postbacks to proactively process the transaction status.
We never recommended nor supported to perform IP address whitelisting for security, but some customers might use this method.
From end of February we will move our postback services and introduce flexible IP's. So any customer that still has this IP whitelisting configured , this is NOT POSSIBLE anymore from the end of February. Customers can use the checksum method.
Because we want to improve our security all the time we will introduce a new possibility to validate if the postback messages are coming from our environment. We will make it possible to configure security authorization headers in Q1.
See the full message and explanation of the new feature here.