Security considerations
IP address ranges
Our IP-range is: 185.116.4.0/22 and 2001:820:2::/48.
Webhooks
Webhooks are signed using a secret from your account. See our API documentation for details. Webhooks will be sent from an IP address within the IP range above.
Browser use of API / Iframe / Embedding
You need add your domain to your account allowlist to use our public API (from JavaScript) or to embed the booking site using an iframe. You can do this in your account settings. Usage or requests from non-allowlist domains are blocked.
Bookingsite code execution limitations
We have a very restrictive content security policy (CSP). If you need to add custom JavaScript you need to use our custom Liquid tag. Any type of external request will be blocked, please contact us if you have needs beyond the script tag. Please note that custom JavaScript will not be executed on sensitive and critical pages such as payment forms.
Outgoing messages
Emails are sent from robot@booking.makeplans.com.
SMS are sent from 'MakePlans' but can in some markets be sent from +19388888601 or other numbers due to local regulations.