> ## Documentation Index
> Fetch the complete documentation index at: https://docs.rootly.com/llms.txt
> Use this file to discover all available pages before exploring further.

# IP Whitelist

> Allowlist the IP addresses and hostnames needed for traffic between Rootly and your network, in both directions, through firewalls and proxies.

## Overview

When connecting Rootly to your internal systems or third-party services, you may need to allow traffic from Rootly’s outbound IP addresses.

Rootly uses a fixed set of outbound IP addresses for:

* Integration traffic
* Outbound webhook delivery

If your infrastructure restricts inbound traffic by source IP, add the addresses below to your firewall, security group, or allowlist configuration.

<Note>
  This page covers two directions. Use the fixed IP addresses below to allow traffic **from Rootly to your systems** (webhooks and integrations). To allow your own network to reach **Rootly's web app and API**, see [Connecting to Rootly from a restricted network](#connecting-to-rootly-from-a-restricted-network).
</Note>

## Security Considerations

IP whitelisting adds an extra layer of network security by helping you:

* Restrict access to trusted IP addresses
* Prevent unauthorized connections from unknown sources
* Meet internal security or compliance requirements
* Protect systems that receive data from Rootly

## Rootly Outbound IP Addresses

Add the following IPv4 addresses to your allowlist:

### Production IP Addresses

```text theme={null}
34.232.217.139/32
18.213.181.255/32
```

<Note>
  These addresses are used for both integration traffic and outbound webhook delivery.
</Note>

<Note>
  **IP Address Stability:** These production IP addresses are permanent and will not change. You can safely use them in long-term firewall rules and security policies.
</Note>

## Common Use Cases

### Webhook Endpoints

If Rootly sends webhooks to your systems:

* Whitelist both IP addresses on the receiving endpoint
* Ensure your endpoint accepts HTTPS traffic
* Verify your SSL certificates are valid

### API Access

If Rootly makes API calls to your services:

* Update firewall or load balancer rules to allow these IPs
* Confirm your API gateway accepts traffic from both addresses
* Test connectivity after making changes

## Connecting to Rootly from a restricted network

If your network restricts **outbound** traffic, you may need to allow your users and servers to reach Rootly — for example, to open the web app or call the REST API from inside a locked-down environment.

Rootly's web app and APIs sit behind Cloudflare, so there is no fixed set of destination IP addresses to allowlist. Cloudflare's addresses are shared ranges that rotate. Allow outbound HTTPS (port 443) to Rootly's hostnames instead:

| Hostname                | Purpose                                       |
| ----------------------- | --------------------------------------------- |
| `rootly.com`            | Web app and login                             |
| `api.rootly.com`        | REST API                                      |
| `mobile-api.rootly.com` | Rootly mobile app (only if your team uses it) |
| `rec.rootly.com`        | Edge Connector (only if you deploy it)        |

<Note>
  Allow only the hostnames your team uses. `mobile-api.rootly.com` is needed only for the mobile app, and `rec.rootly.com` only if you run the [Edge Connector](/edge-connectors-installation).
</Note>

If your firewall can only allowlist IP ranges rather than hostnames, allow Cloudflare's published IP ranges, available at [cloudflare.com/ips](https://www.cloudflare.com/ips/). These front all traffic to Rootly.

<Warning>
  Do not use the fixed IP addresses listed above to reach Rootly. Those are the source addresses of traffic Rootly sends to you — they are not the destinations your network connects to.
</Warning>

## Testing Your Configuration

After updating your allowlist:

1. Verify integration connectivity in Rootly
2. Check integration or delivery logs for connection errors
3. Test webhook delivery if applicable
4. Review firewall or security logs to confirm traffic is allowed

<Warning>
  If these IP addresses are not properly allowlisted, integrations may fail, webhooks may not be delivered, and data synchronization may be incomplete.
</Warning>

## Getting IP Ranges via API

You can also retrieve the current IP ranges programmatically using Rootly’s IP ranges API.

The API returns:

* `integrations_ipv4`
* `integrations_ipv6`
* `webhooks_ipv4`
* `webhooks_ipv6`

This is useful if you want to automate allowlist updates or verify the current published ranges from code instead of hardcoding them.

## IPv6

Rootly also exposes IPv6 fields in the IP ranges API. If IPv6 ranges are added in the future, they will be reflected there alongside the IPv4 ranges.

## Need Help?

If you run into issues with IP allowlisting, contact [support@rootly.com](mailto:support@rootly.com) and include your integration details and network configuration.
