Eventbrite Webhook Access with Cloudflare One-Time-Pin Protection

seanryanmc · March 8, 2024, 6:28pm

Hello! I am using a Cloudflare Zero Trust Tunnel to set up webhook access to a private server.
I’ve also set up a one-time-pin authentication for accessing the website.

I’m trying to use a webhook via Eventbrite, but I receive a “302” error. I found this thread which encountered similar issues on GitHub.

The solution was to access the api here, which lists the IP Addresses that GitHub uses to send webhooks. Then, allowlist those IP Addresses on Cloudflare.

However, I can’t find a similar list of IP Addresses for Eventbrite. I dug through the API, the documentation, and reached out to their help team, but unfortunately the person I talked to didn’t understand the request.

Does anybody have any suggestions as to how I could properly allowlist Eventbrite’s webhook calls?

Thanks!

seanryanmc · March 8, 2024, 6:51pm

Update: I found this page, which states the following:

We have a dynamic infrastructure on AWS and we are unable to provide an exact IP range, but you can filter based on our custom headers (X-Eventbrite-Event: order.placed or X-Eventbrite-Delivery: 1763382) or user agent (User-Agent: Eventbrite Webhooks (Dilithium)).

I don’t see any way to set up a policy to filter by custom headers or user agents. Could somebody point me in the right direction?

Topic		Replies	Views
Github webhook acces with cloudflare one-time-pin protection Access	2	2102	March 15, 2023
Cloudflare Zero Trust Policy question Security CloudflareZeroTrust	7	2711	December 29, 2022
How to allow only webhooks from Github to my internal server? Cloudflare Tunnel CloudflareTunnel	5	6344	January 4, 2022
Webhook Posts Fail Security	1	2089	December 14, 2019
Stream Webhooks IP Stream	1	475	December 8, 2023

Eventbrite Webhook Access with Cloudflare One-Time-Pin Protection

Related topics