Launch Checklist

Make sure you’re ready to take your app to production.

Create an IP Allowlist

WorkOS sends webhooks from a fixed set of IP addresses. If you are looking to create a list of allowed IP addresses for webhooks, use these IP addresses:

WorkOS IP addresses

 3.221.3.224
54.144.9.196
54.172.232.96
52.87.96.186

Go-live checklist

Handle edge cases.

You may occasionally receive duplicate webhook events. To prevent duplicate processing of events, we suggest caching received events and implementing logic to skip processing seen events.

Since webhook events may be delivered out of order, i.e. not in the order in which they were generated, be sure to handle accordingly. The issued_timestamp extracted from the WorkOS-Signature header can be used to determine order.

Set and secure your Production Project’s Webhook Secret.

Set and secure your Production Project’s API key.

Ensure that your application can receive redirects and webhooks from WorkOS. Depending on your network architecture, you may need to allowlist incoming traffic from api.workos.com.