IP Whitelisting adds an extra layer of API access control by allowing requests only from specified IP addresses or CIDR ranges. When enabled, any API request from a non-whitelisted IP is rejected with an HTTP 403 Forbidden response.
This feature controls which IPs can make API requests to Plivo. For firewall and SIP/RTP network whitelisting, see IP Address Whitelisting.

Key Points

  • Plivo matches the requesting IP address against your whitelist using CIDR matching.
  • Requests from non-whitelisted IPs receive an HTTP 403 Forbidden response.
  • Only “Allow” rules are supported — there are no “deny” or custom logic rules.
  • Maximum of 50 CIDR entries per account.
  • Subaccounts inherit the parent account’s whitelist rules. Subaccount CIDRs cannot be independently managed.
  • Validation checks run when you add new entries and when you edit existing ones to prevent overlaps, supersets, and duplicates.
  • IP Whitelisting takes effect as soon as you add your first CIDR entry.

Set Up IP Whitelisting

Step 1: Navigate to IP Whitelisting

  1. Log in to the Plivo console.
  2. Go to Account Settings > IP Whitelisting from the left navigation pane.

Step 2: Add IPs

  1. Click + Add CIDR Address.
  2. In the modal popup, enter one or more IP addresses in CIDR format (comma-separated).
    • Example: 192.0.2.0/24, 1.1.1.1/32
  3. Click Add to save the entries.

Step 3: Confirm Entries

After adding CIDRs, the system blocks any API request not coming from whitelisted IPs. The list shows all currently active CIDRs with subnet masks. You can edit or delete any entry at any time.
Before enabling, make sure you have added the IP addresses of all servers, CI/CD pipelines, and developer machines that make Plivo API calls. Forgetting an IP locks out those systems immediately.

Validation Rules

Follow these rules to avoid configuration errors.
Error Case | How to Avoid
Invalid Format | Enter IPs in proper CIDR format (e.g., 192.168.1.0/24 or 2001:db8::/64)
Duplicate Entry | Do not re-enter an IP or CIDR already present in the list
Subset Already Exists | Avoid adding an IP that is already covered by a broader CIDR
Superset Conflict | Remove more specific entries before adding a broader range
Private or Special Ranges Blocked | Avoid using localhost (e.g., 127.0.0.1/32) or reserved/documentation IPs
Limit Reached (50 CIDRs) | Remove an existing IP if you have already reached the limit of 50 entries
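
The rules in the table above can be checked locally before a batch is typed into the console, and the same CIDR matching tells you whether a given source IP would be allowed or receive a 403. The Python below is an added example, not Plivo's code: the function names, the order of checks, the rejection of entries with host bits set, and the use of Python's private/multicast classification for "private or special" ranges are assumptions, and the sample batch is constructed.

```python
import ipaddress

MAX_ENTRIES = 50  # per-account limit stated on this page

def check_entry(candidate, existing):
    """Return the matching error case from the table above, or None if accepted."""
    text = candidate.strip()
    if len(existing) >= MAX_ENTRIES:
        return "Limit Reached (50 CIDRs)"
    if "/" not in text:  # a bare IP without a mask is not CIDR format
        return "Invalid Format"
    try:
        # Assumption: host bits set (e.g. 1.1.1.5/24) count as invalid.
        net = ipaddress.ip_network(text, strict=True)
    except ValueError:
        return "Invalid Format"
    # Assumption: the page does not enumerate the blocked ranges; Python's list stands in.
    if net.is_private or net.is_multicast:
        return "Private or Special Ranges Blocked"
    for raw in existing:
        cur = ipaddress.ip_network(raw)
        if cur.version != net.version:
            continue  # subnet_of() raises TypeError on mixed IPv4/IPv6
        if net == cur:
            return "Duplicate Entry"
        if net.subnet_of(cur):
            return "Subset Already Exists"
        if net.supernet_of(cur):
            return "Superset Conflict"
    return None

def review(batch, existing=()):
    """Check a comma-separated batch, as entered in the Add CIDR modal."""
    accepted, rejected = list(existing), {}
    for item in batch.split(","):
        error = check_entry(item, accepted)
        if error:
            rejected[item.strip()] = error
        else:
            accepted.append(item.strip())
    return accepted, rejected

def is_allowed(source_ip, whitelist):
    """True if source_ip falls inside any whitelisted CIDR (otherwise expect a 403)."""
    addr = ipaddress.ip_address(source_ip)
    return any(addr in ipaddress.ip_network(cidr) for cidr in whitelist)

# Constructed sample batch (not from a real account).
SAMPLE = "1.1.1.0/24, 1.1.1.1/32, 1.1.1.1, 127.0.0.1/32, 1.1.0.0/16, 1.1.1.0/24"
```

Run `review()` over the planned entries, then `is_allowed()` for each server, CI/CD runner, and developer egress IP that calls the API, so that a missing address is found before the first entry activates the whitelist.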

FAQ


What happens if my IP is not whitelisted?

Your API requests are rejected with an HTTP 403 Forbidden response.

How many CIDRs can I add?

You can add up to 50 CIDR entries per account.

Can I add a single IP without a CIDR mask?

No. You must use CIDR format. For single IPs, use /32 for IPv4 or /128 for IPv6 (e.g., 203.0.113.5/32).

Can I whitelist IP ranges?

Yes, use CIDR notation (e.g., 203.0.113.0/24) to specify a range.

Can subaccounts have different IP rules?

No. Subaccounts follow the CIDR rules of their parent account.

How can I troubleshoot blocked access?

Check that:
  • Your current IP matches one of the whitelisted CIDRs.
  • There are no formatting or range-related issues with your entries.