Overview
When connecting Rootly to your internal systems or third-party services, you may need to allow traffic from Rootly’s outbound IP addresses. Rootly uses a fixed set of outbound IP addresses for:- Integration traffic
- Outbound webhook delivery
This page covers two directions. Use the fixed IP addresses below to allow traffic from Rootly to your systems (webhooks and integrations). To allow your own network to reach Rootly’s web app and API, see Connecting to Rootly from a restricted network.
Security Considerations
IP whitelisting adds an extra layer of network security by helping you:- Restrict access to trusted IP addresses
- Prevent unauthorized connections from unknown sources
- Meet internal security or compliance requirements
- Protect systems that receive data from Rootly
Rootly Outbound IP Addresses
Add the following IPv4 addresses to your allowlist:Production IP Addresses
These addresses are used for both integration traffic and outbound webhook delivery.
IP Address Stability: These production IP addresses are permanent and will not change. You can safely use them in long-term firewall rules and security policies.
Common Use Cases
Webhook Endpoints
If Rootly sends webhooks to your systems:- Whitelist both IP addresses on the receiving endpoint
- Ensure your endpoint accepts HTTPS traffic
- Verify your SSL certificates are valid
API Access
If Rootly makes API calls to your services:- Update firewall or load balancer rules to allow these IPs
- Confirm your API gateway accepts traffic from both addresses
- Test connectivity after making changes
Connecting to Rootly from a restricted network
If your network restricts outbound traffic, you may need to allow your users and servers to reach Rootly — for example, to open the web app or call the REST API from inside a locked-down environment. Rootly’s web app and APIs sit behind Cloudflare, so there is no fixed set of destination IP addresses to allowlist. Cloudflare’s addresses are shared ranges that rotate. Allow outbound HTTPS (port 443) to Rootly’s hostnames instead:Allow only the hostnames your team uses.
mobile-api.rootly.com is needed only for the mobile app, and rec.rootly.com only if you run the Edge Connector.Testing Your Configuration
After updating your allowlist:- Verify integration connectivity in Rootly
- Check integration or delivery logs for connection errors
- Test webhook delivery if applicable
- Review firewall or security logs to confirm traffic is allowed
Getting IP Ranges via API
You can also retrieve the current IP ranges programmatically using Rootly’s IP ranges API. The API returns:integrations_ipv4integrations_ipv6webhooks_ipv4webhooks_ipv6