Skip to main content
When you create or update an endpoint URL, Convoy may issue a ping (an HTTP request to that URL) to confirm the destination responds before accepting the configuration. That check is separate from TLS settings used when Convoy delivers webhooks to the same URL. For ping failures (404, auth-only URLs, TLS errors), see Troubleshooting and the accordion on endpoint validation.

Ping validation (create/update)

  • Convoy tries a small set of HTTP methods when pinging, configurable via ping_methods (default typically includes HEAD, GET, and POST). See the dispatcher table below.
  • If the destination requires credentials Convoy does not have at ping time, returns 404 for unauthenticated GET, or only accepts unusual methods, the ping can fail even though deliveries might work once the endpoint is configured with authentication.
  • To skip only the ping (not TLS verification for deliveries), set skip_ping_validation / CONVOY_DISPATCHER_SKIP_PING_VALIDATION. Use this sparingly; it means Convoy will not have verified reachability at configuration time.

TLS and certificate trust (deliveries and ping)

  • By default, outbound HTTPS uses the system trust store. For private CAs, set ca_cert_path or ca_cert_string on the dispatcher so Convoy loads an additional CA bundle (see also Custom certificate authority if you use that flow).
  • insecure_skip_verify / CONVOY_DISPATCHER_INSECURE_SKIP_VERIFY disables TLS certificate verification for outbound HTTP clients. This is a sharp edge; prefer fixing the certificate chain or custom CA.

SSRF controls

  • allow_list — CIDR ranges outbound connections are allowed to use (mitigates SSRF). Empty vs default behavior depends on your release; check the sample in Configuration.
  • block_list — CIDR ranges that are always denied (JSON key is block_list, not deny_list).

Dispatcher configuration reference

These fields live under the dispatcher object in convoy.json (or equivalent env vars). They match the DispatcherConfiguration struct in the Convoy server configuration.
JSON fieldEnvironment variablePurpose
insecure_skip_verifyCONVOY_DISPATCHER_INSECURE_SKIP_VERIFYSkip TLS cert verification for outbound HTTP (ping + delivery client).
allow_listCONVOY_DISPATCHER_ALLOW_LISTAllowed destination CIDRs (SSRF allow list).
block_listCONVOY_DISPATCHER_BLOCK_LISTBlocked destination CIDRs.
ca_cert_pathCONVOY_DISPATCHER_CACERT_PATHPath to PEM CA file (extra roots).
ca_cert_stringCONVOY_DISPATCHER_CACERT_STRINGPEM CA string (extra roots).
ping_methodsCONVOY_DISPATCHER_PING_METHODSMethods used for endpoint ping on create/update.
skip_ping_validationCONVOY_DISPATCHER_SKIP_PING_VALIDATIONIf true, skip ping on create/update.
Full JSON example and comments: Configuration (dispatcher section).