Plivo's IP Whitelisting feature adds an extra layer of API access control by allowing requests only from specified IP addresses or CIDR ranges. This helps protect your account from unauthorized access.
Note: This is a request only feature. Please fill this form to request access to the feature.
🛠️ 1. Steps to Set Up IP Whitelisting
Step 1: Navigate to IP Whitelisting
- Click on this link: https://console.plivo.com/accounts/ip-whitelist/
OR
- Log in to your Plivo Dashboard.
- Go to Account Settings > IP Whitelisting from the left navigation pane.
Step 2: Add IPs
- Click + Add CIDR Address.
- In the modal popup, enter one or more IP addresses in CIDR format (comma-separated).
- Example: 192.0.2.0/24, 1.1.1.1/32
- Click Add to save the entries.
Step 3: Enable IP Whitelisting
- Toggle the switch to Enable IP Whitelisting.
- Confirm via the popup that enabling will restrict API access to listed IPs only.
Step 4: Confirm Entries
- After enabling, the system will block any API request not coming from whitelisted IPs.
- The list will show all currently active CIDRs with subnet masks.
- You can edit or delete any entry at any time.
✅ 2. Instructions for IPs to Be Added (Avoiding Errors)
To ensure smooth configuration, please follow these validation rules:
| Error Case | How to Avoid |
| Invalid Format | Always enter IPs in proper CIDR format. Ex: 192.168.1.0/24 or 2001:db8::/64 |
| Duplicate Entry | Do not re-enter an IP or CIDR already present in the list |
| Subset Already Exists | Avoid adding an IP that is already covered by a broader CIDR |
| Superset Conflict | You must remove more specific entries before adding a broader range |
| Private or Special Ranges Blocked | Avoid using localhost (e.g., 127.0.0.1/32) or reserved/documentation IPs |
| Limit Reached (50 CIDRs) | Remove an existing IP if you've already reached the limit of 50 entries |
ℹ️ Key Pointers
- ✅ The system matches the requesting IP address against the whitelist using CIDR matching.
- ❌ Requests from non-whitelisted IPs will receive an HTTP 403 (Forbidden) response.
- ✅ Only “Allow” rules are supported; no “deny” or custom logic at this time.
- 🔄 Max 50 CIDRs allowed per account.
- 👥 Subaccounts inherit the parent account’s whitelist rules — subaccount CIDRs cannot be independently managed.
- 🔁 Validation checks occur both while adding new entries and editing existing ones to avoid overlaps, supersets, and duplicates.
- 🛡️ IP Whitelisting can be toggled ON/OFF by the main account user using the feature flag toggle.
❓ 3. Frequently Asked Questions (FAQs)
Q: What happens if my IP is not whitelisted?
A: Your API requests will be rejected with an HTTP 403 Forbidden response.
Q: How many CIDRs can I add?
A: You can add up to 50 CIDR entries per account.
Q: Can I add a single IP without a CIDR mask?
A: No. You must use CIDR format. For single IPs, use /32 for IPv4 or /128 for IPv6 (e.g., 203.0.113.5/32).
Q: Can I whitelist IP ranges?
A: Yes, use CIDR notation (e.g., 203.0.113.0/24) to specify a range.
Q: Can subaccounts have different IP rules?
A: No. Subaccounts will follow the CIDR rules of their parent account.
Q: How can I troubleshoot blocked access?
A: Check that:
- Your current IP matches one of the CIDRs.
- IP Whitelisting is enabled.
- There are no formatting or range-related issues with your entry.
Q: Will disabling the toggle remove the CIDRs?
A: No, it will just pause enforcement. The list is retained.
Would you like a downloadable PDF or HTML version of this document for user onboarding or support sharing?