Validating callback requests from Deepgram involves several methods since you cannot whitelist specific IP addresses. Here are the recommended approaches:

1. Username-Password Authentication: Embed basic authentication credentials in your callback URL, like https://username:password@host.example.com.

2. DG-Token Header: The callback request will include a dg-token header set to the API Key Identifier used for the request.

3. Request ID Validation: Compare the request_id from the transcription job creation with the request_id in the callback response to ensure legitimacy.

4. Proxy Server: Set up a proxy outside your network to receive Deepgram's callbacks. Whitelist the proxy server IP to securely forward requests to your internal network.

For specific security needs, contact Deepgram's sales department.

For more details, see Deepgram Callback Authentication.

Note: Callback URLs cannot contain an underscore ("_"). If they do, you will get an error:

"err_code":"Bad Request","err_msg":"Failed to resolve callback."