The Mollie API will always only send you an ID of the entity that got updated. You will need to retrieve the full entity to understand what changed, and by doing so you are ensuring your information comes directly from an authenticated Mollie API call. The Mollie API uses webhooks to push updates to your integration. To ensure your integration receives webhook updates from Mollie without interruption, you may need to allowlist Mollie's outgoing IP addresses if your firewall restricts inbound traffic.
You can easily get the current list of Mollie’s outgoing IP addresses by running this command:
curl https://ip-ranges.mollie.com/ips.txt
By adding the -i option to the curl command, you will get a response that includes an HTTP header with a Last-Modified timestamp, so you can check when the list was last updated.
However, we recommend avoiding IP allowlisting for access purposes whenever possible.
Mollie sends two types of webhooks:
Mollie sends two types of webhooks:
- Webhooks with only an identifier that invite an API request to retrieve the actual payload—so the legitimate source IP is less important.
- Signed webhooks with the full payload, protected by a signature to ensure authenticity and integrity—so the legitimate source IP is again less important.