Webhook-url-http-3a-2f-2f169.254.169.254-2fmetadata-2fidentity-2foauth2-2ftoken Guide

Check Headers: The request to IMDS requires the header Metadata: true. Check logs for this specific header in outgoing requests.

Rotate Credentials: If a successful request is suspected, immediately rotate the Managed Identity keys or certificates for the affected VM.

Verify whether the application follows redirects or leaks response bodies or headers.

Check if logs capture returned tokens or metadata.

Warning: the IP 169.254.169.254 is a well-known link-local address used by many cloud providers (including Azure, AWS, Google Cloud) to expose instance metadata and identity/token services. Treat any webhook or callback that uses this address as highly sensitive: it can be used to obtain credentials or tokens for the VM or container hosting the service. The following deep text explains risks, attack techniques, detection, mitigation, and secure design patterns.