# Commerce API safelist When integrating with the Commerce API, ensuring seamless communication between your systems and Digital River is critical. One essential step is configuring your firewall to accept incoming webhook notifications from Digital River. This is achieved by safelisting specific IP addresses Digital River uses to send these notifications. Below is a safelist of IP addresses that you should configure within your firewall settings to ensure you receive all necessary webhook notifications without interruption. The safelist is a list of IP addresses Digital River uses to send webhook notifications. To receive webhook notifications from Digital River, you must open your firewall to these IP addresses. #### Understanding webhooks and the importance of safelisting Webhooks are automated messages sent from apps when something happens. In the Commerce API integration context, Digital River uses webhooks to notify your systems of events such as payments, order updates, and more. These real-time updates allow your systems to react promptly, ensuring a seamless transaction process. However, to maintain the security and reliability of these communications, it's critical to ensure that your systems only accept these notifications from trusted sources. This is where safelisting comes into play. By configuring your firewalls only to allow incoming notifications from known Digital River IP addresses, you protect your systems from unauthorized access and potential security threats. Safelisting the specified IP addresses ensures that you receive crucial webhook notifications without interruption, enhancing the integrity and efficiency of your integration with Digital River. ## Recommended security practices for webhooks To enhance the security of webhooks and ensure safe communication with Digital River, follow these best practices: * **Safelist IP addresses**: Only allow incoming webhook notifications from known Digital River IP addresses. Below is a list of IP addresses to safelist in your firewall settings: * `54.204.214.106/32` * `100.25.55.35/32` * `3.94.74.169/32` * `52.207.145.30/32` * `35.167.151.150/32` * `50.112.167.211/32` * `52.36.133.196/32` * `54.68.3.105/32` * `52.19.155.167/32` * `34.241.30.95/32` * `209.87.180.0/24` * `217.65.128.0/24` * `210.242.154.0/29` {% hint style="info" %} Note that the slash at the end is [CIDR notation](https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing) and represents a range of IP addresses. {% endhint %} We recommend you periodically check the safelist for any changes to the list of IP addresses used for webhook notifications. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.digitalriver.com/commerce-api/events/webhooks/commerce-api-safelist.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.