After playing around with the webhooks functionality of the API, it seems that registering a webhook and specifying a port (i.e.
"url": "https://example.com:8088/webhook") causes the webhook not to fire at all. If I register a webhook that’s identical just without the port so that it fires to port 443 then it works perfectly.
Is this intentional or is it a bug?
I wonder if for security reasons they have a firewall that blocks outbound connections on non-standard ports on the machine originating the webhooks, so the webhook attempts to fire but never succeeds.
I wonder what the security risk could be though. At the end of the day it’s just a HTTP post request to a custom URL. Why should it matter which port it goes to?
My best guess would be that being a financial organisation, all traffic probably passes through a proxy for audit purposes. Hence the block on traffic all except 80 & 443.
That’s fair enough - working for one myself I can understand that I’m just looking for confirmation from Monzo mostly!