To ensure seamless delivery of high-priority threat alerts and avoid false monitoring triggers, please follow these technical requirements:
1. Endpoint Availability
- Response Code: Your server must return a 200 OK or 202 Accepted status code immediately upon receiving the payload.
- Timeout: Our system expects a response within 5 seconds. If your internal processing takes longer, acknowledge receipt first and process the data asynchronously.
2. Firewall & Whitelisting
- Ensure that your firewall allows incoming POST requests from our fixed IP ranges: [Insert Server IPs].
- If you use Cloudflare or another WAF, disable rate-limiting for our delivery agent to prevent accidental 429 (Too Many Requests) errors.
3. Security (HMAC Verification)
- Each webhook includes an X-Antiphishing-Signature header.
- Requirement: Always verify this signature using your unique Secret Key before processing the data. This prevents unauthorized “replay attacks” and ensures the data came from us.
4. Handling Retries
- If your server returns a 5xx or 429 error, our system will initiate a retry sequence (1, 5, 15 minutes).
- Note: If delivery fails after 3 attempts, an automated alert is escalated to our senior security analysts to investigate a potential connection breach.
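
The following receiver is an added example, not code supplied by the service. It combines requirements 1 and 3: it verifies the X-Antiphishing-Signature header, answers 202 at once, and leaves slow work to a background thread. The signature format (hex HMAC-SHA256 over the raw body), the 401 rejection status, the size cap, the key value and all function names are assumptions.

```python
import hashlib
import hmac
import queue
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

SECRET_KEY = b"constructed-demo-secret"        # placeholder; load the real key from a secret store
SIGNATURE_HEADER = "X-Antiphishing-Signature"  # header named in the requirements
MAX_BODY = 1 << 20                             # assumed 1 MiB cap on payload size
jobs = queue.Queue()                           # verified payloads awaiting slow processing

def sign(secret, body):
    # Assumption: hex-encoded HMAC-SHA256 over the raw request body.
    return hmac.new(secret, body, hashlib.sha256).hexdigest()

def verify_signature(secret, body, received):
    if not received:
        return False
    # Compare as bytes in constant time; never use == on signatures.
    return hmac.compare_digest(sign(secret, body).encode(),
                               received.strip().encode("utf-8", "replace"))

def receive(headers, body):
    """Return the HTTP status to send; queue the payload only if it verifies."""
    if not verify_signature(SECRET_KEY, body, headers.get(SIGNATURE_HEADER)):
        return 401                     # rejected before any parsing (status chosen for this example)
    jobs.put(body)                     # hand off, so the reply is not delayed by processing
    return 202

class Handler(BaseHTTPRequestHandler):
    def do_POST(self):
        try:
            length = int(self.headers.get("Content-Length", "0"))
        except ValueError:
            length = -1
        if not 0 <= length <= MAX_BODY:
            status = 400
        else:
            status = receive(self.headers, self.rfile.read(length))
        self.send_response(status)
        self.end_headers()

def worker():
    while True:
        body = jobs.get()
        # Slow work (parsing, ticketing, enrichment) goes here, off the request path.
        jobs.task_done()

if __name__ == "__main__":
    threading.Thread(target=worker, daemon=True).start()
    HTTPServer(("127.0.0.1", 8080), Handler).serve_forever()
```

The signature is computed over the bytes exactly as received; re-serializing parsed JSON before verifying will change the bytes and fail the check.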
