Newer Version Available
Important Security Considerations
In order to safely use outbound messaging, you must ensure that no third party can send messages to the endpoint while pretending to be from Salesforce:
- Lock down the client application’s listener to accept requests only from the Salesforce IP range. While this guarantees the message came from Salesforce, it does not guarantee that another customer is not pointing to your endpoint and sending messages. The Salesforce IP ranges are:
  - 204.14.232.0/23 (East Coast Data Center set one)
  - 204.14.237.0/24 (East Coast Data Center set two)
  - 96.43.144.0/22 (Midwest Data Centers)
  - 96.43.148.0/22 (Midwest Data Centers)
  - 204.14.234.0/23 (West Coast Data Center set one)
  - 204.14.238.0/23 (West Coast Data Center set two)
  - 182.50.76.0/22 (Japan Data Center)
- Use SSL/TLS. Using SSL/TLS provides confidentiality while data is transported across the internet. Without it, a malicious third party can eavesdrop on your data. This issue is especially important if you pass data with privacy requirements and you pass a SessionId with the message. Also, we authenticate the certificate presented on connection, ensure that it is from a valid Certificate Authority, and check that the domain in the certificate matches the one Salesforce is trying to connect to. This prevents us from communicating with the wrong endpoint.
- If your application (endpoint) server's SSL/TLS configuration allows it, validate the identity of the Salesforce server when it takes the role of a client to your server, using the Salesforce client certificate. For instructions to download the certificate, see Downloading the Salesforce Client Certificate.
- The organization Id is included in each message (see ID Field Type for more information about the Id field type). Your client application should validate that messages contain your organization Id.
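The source-address and organization Id checks above can be combined in the listener as follows. This is an added example, not Salesforce code: the `OrganizationId` element name and the sample envelope are assumptions based on the outbound message SOAP format, `EXPECTED_ORG_ID` is a constructed placeholder, and `peer_ip` is assumed to be the TCP peer address reported by your server.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Ranges copied from the list above; confirm they are still current before use.
SALESFORCE_NETS = [ipaddress.ip_network(n) for n in (
    "204.14.232.0/23", "204.14.237.0/24", "96.43.144.0/22", "96.43.148.0/22",
    "204.14.234.0/23", "204.14.238.0/23", "182.50.76.0/22")]
EXPECTED_ORG_ID = "00D000000000001EAA"  # constructed placeholder

def from_salesforce(peer_ip):
    """True if the socket peer address (not a forwarded header) is in a listed range."""
    try:
        addr = ipaddress.ip_address(peer_ip)
    except ValueError:
        return False
    return any(addr in net for net in SALESFORCE_NETS)

def org_id_of(body):
    """Return the OrganizationId text from the raw request body, or None."""
    try:
        text = body.decode("utf-8")
        # Refuse DTDs: the stdlib parser expands internal entities.
        if "<!DOCTYPE" in text or "<!ENTITY" in text:
            return None
        root = ET.fromstring(text)
    except (ValueError, ET.ParseError):
        return None
    for el in root.iter():
        if el.tag.rsplit("}", 1)[-1] == "OrganizationId":  # ignore namespace
            return (el.text or "").strip()
    return None

def accept(peer_ip, body):
    """Both checks are needed: the IP filter cannot tell one customer from another."""
    if not from_salesforce(peer_ip):
        return False, "source address outside Salesforce ranges"
    org = org_id_of(body)
    # Ids are 15 characters, or 18 with a 3-character suffix derived from the 15.
    if org is None or len(org) not in (15, 18) or org[:15] != EXPECTED_ORG_ID[:15]:
        return False, "organization Id missing or not ours"
    return True, "ok"

# Constructed sample message, reduced to the one field checked here.
SAMPLE = (b'<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">'
          b'<soapenv:Body><notifications xmlns="http://soap.sforce.com/2005/09/outbound">'
          b'<OrganizationId>00D000000000001EAA</OrganizationId>'
          b'</notifications></soapenv:Body></soapenv:Envelope>')
```

Reject the request without processing its notifications whenever `accept` returns `False`, and log the reason alongside the peer address.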