We’ve implemented a Twilio-based WhatsApp integration using .NET Core 6 and deployed the application on IIS running on a Windows Server 2022 machine (client's environment). Outbound messages from our application to Twilio are working correctly.

However, incoming messages from Twilio are not reaching our server/application. We’ve already asked the client to allow traffic from *.twilio.com subdomains, but that doesn’t seem to resolve the issue.

Given that this is a production environment and the client is concerned about security, we cannot request them to open all inbound traffic.

My questions:

What specific IP addresses or subdomains should be whitelisted to allow Twilio's webhook requests (WhatsApp messages) to reach the server?

Are there any additional IIS or firewall configurations we should check to ensure that incoming HTTP requests from Twilio are accepted and routed correctly?

Any guidance on how to properly configure the client's firewall or server to receive these requests securely would be highly appreciated.