Today, Lithic announced the availability of HMAC headers in our Authorization Stream Access (ASA) requests. This allows users to verify ASA requests using HMAC headers using the same implementation that they are already using to verify webhooks delivered by our Events API.
With this improvement in webhook security that HMAC headers enable, we are requesting that users who currently rely on our published set of static IP addresses to verify the source of Lithic ASA requests update their integrations by August 22, 2023 (Tuesday). While the IP addresses that ASA requests originate from are not expected to change immediately after that date, they will be subject to change without prior notice. This brings our HMAC verification protocol for ASA requests in line with webhooks across the Lithic platform.