Security considerations

IP address ranges

Currently we are hosting with AWS so please see their documentation. In the future we will be hosting with a Norwegian cloud provider and our IP-range will be: 185.116.4.0/22 and 2001:820:2::/48.

Webhooks

Webhooks are signed using a secret from your account. See our API documentation for details. Webhooks will be sent from an IP address within the IP range above.

Browser use of API / Iframe / Embedding

You need add your domain to your account allowlist to use our public API (from JavaScript) or to embed the booking site using an iframe. You can do this in your account settings. Usage or requests from non-allowlist domains are blocked.

Bookingsite code execution limitations

We have a very restrictive content security policy (CSP). If you need to add custom JavaScript you need to use our custom Liquid tag. Any type of external request will be blocked, please contact us if you have needs beyond the script tag. Please note that custom JavaScript will not be executed on sensitive and critical pages such as payment forms.

Still need help? Contact Us Contact Us