Hello!
I would like to check the validity of the POST call that we will receive on the Production Server URL, before actually verifying the signature and decoding the payload.
But I can't find anywhere in the documentation a way to check that those calls are in fact from Apple. Any particular headers we should check for, any IPs that should be whitelisted?
Thanks in advance!
madalina-grama
Users receive reputation points by contributing quality content to the forums.
Posts include post and replies published on the forums.
Post authors can mark replies as Accepted to indicate successful solutions.
Apple Developer Forums admins can mark replies as Apple Recommended to indicate an approved solution