Endpoint Requirements

Webhook Endpoint Requirements

  • Your webhook HTTPS endpoint should support CA-signed certificates. Self-signed certificates are not supported.
  • Custom webhook endpoints must support Transport Layer Security (TLS) 1.2 and above to avoid security vulnerabilities.
    • Please note, webhook events are not deliverable to endpoints that support legacy TLS 1.2 renegotiation.
    • It is recommended to migrate to TLS 1.3 where legacy renegotiation is no longer supported.
  • Avoid sending sensitive information like signing key in Webhook endpoint http error response.

Adding Webhook Destination Domain to the ICE Allow-list

If you are a new customer or partner subscribing to receive webhook notifications, during setup, you will need to provide your domain to ICE to receive webhook notifications.

If you are already subscribing to webhook notifications and your receiving endpoint domain is planned to change, you will need to submit a request to add your new domain to the ICE allow-list.

Please refer to the Adding Webhook Destination Domain to the ICE Allow-list knowledge article for additional details and instructions for submitting a request to ICE.


The webhook service requires a response within 30 seconds of delivery. If there is no response within 30 seconds, the webhook service will make other attempts to deliver the notification based on the delivery policy selected for the webhook subscription. The delivery policy for a webhook subscription is determined by the Subscription API deliveryPolicy parameter.