> ## Documentation Index
> Fetch the complete documentation index at: https://plivo.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# API Access Control (IP Whitelisting)

> Restrict Plivo API access to specific IP addresses from your account settings

<Info title="TL;DR">
  * **What:** Restrict which IP addresses can make API requests to your Plivo account. Requests from non-whitelisted IPs are rejected with HTTP 403
  * **Direction:** Inbound (your servers → Plivo API)
  * **How:** Add CIDR entries in **Account Settings > IP Whitelisting** in the Console. Max 50 entries per account
  * **Note:** This controls API access only. For firewall rules to allow Plivo traffic to reach your servers, see [Voice Firewall & Network Configuration](/voice/concepts/firewall-network-configuration/) or [Messaging Firewall & Network Configuration](/messaging/concepts/firewall-network-configuration/)
</Info>

IP Whitelisting adds an extra layer of API access control by allowing requests only from specified IP addresses or CIDR ranges. When enabled, any API request from a non-whitelisted IP is rejected with an HTTP 403 Forbidden response.

***

## Key Points

* Plivo matches the requesting IP address against your whitelist using CIDR matching.
* Requests from non-whitelisted IPs receive an HTTP `403 Forbidden` response.
* Only "Allow" rules are supported — there are no "deny" or custom logic rules.
* Maximum of 50 CIDR entries per account.
* Subaccounts inherit the parent account's whitelist rules. Subaccount CIDRs cannot be independently managed.
* Validation checks run when you add new entries and when you edit existing ones to prevent overlaps, supersets, and duplicates.
* IP Whitelisting takes effect as soon as you add your first CIDR entry.

***

## Set Up IP Whitelisting

### Step 1: Navigate to IP Whitelisting

1. Log in to the [Plivo console](https://cx.plivo.com/home).
2. Go to **Account Settings > IP Whitelisting** from the left navigation pane.

### Step 2: Add IPs

1. Click **+ Add CIDR Address**.
2. In the modal popup, enter one or more IP addresses in CIDR format (comma-separated).
   * Example: `192.0.2.0/24, 1.1.1.1/32`
3. Click **Add** to save the entries.

### Step 3: Confirm Entries

After adding CIDRs, the system blocks any API request not coming from whitelisted IPs. The list shows all currently active CIDRs with subnet masks. You can edit or delete any entry at any time.

<Warning>
  Before enabling, make sure you have added the IP addresses of all servers, CI/CD pipelines, and developer machines that make Plivo API calls. Forgetting an IP locks out those systems immediately.
</Warning>

***

## Validation Rules

Follow these rules to avoid configuration errors.

| Error Case                        | How to Avoid                                                                |
| --------------------------------- | --------------------------------------------------------------------------- |
| Invalid Format                    | Enter IPs in proper CIDR format (e.g., `192.168.1.0/24` or `2001:db8::/64`) |
| Duplicate Entry                   | Do not re-enter an IP or CIDR already present in the list                   |
| Subset Already Exists             | Avoid adding an IP that is already covered by a broader CIDR                |
| Superset Conflict                 | Remove more specific entries before adding a broader range                  |
| Private or Special Ranges Blocked | Avoid using localhost (e.g., `127.0.0.1/32`) or reserved/documentation IPs  |
| Limit Reached (50 CIDRs)          | Remove an existing IP if you have already reached the limit of 50 entries   |

***

## FAQ

***

### What happens if my IP is not whitelisted?

Your API requests are rejected with an HTTP `403 Forbidden` response:

```json theme={null}
{
  "api_id": "<request-id>",
  "error": "Access denied. The request originated from IP <client_ip>, which is not in the IP whitelist for this account. Update your IP whitelist in the console. Refer to https://www.plivo.com/docs/account/concepts/ip-whitelisting for more details."
}
```

***

### How many CIDRs can I add?

You can add up to 50 CIDR entries per account.

***

### Can I add a single IP without a CIDR mask?

No. You must use CIDR format. For single IPs, use `/32` for IPv4 or `/128` for IPv6 (e.g., `203.0.113.5/32`).

***

### Can I whitelist IP ranges?

Yes, use CIDR notation (e.g., `203.0.113.0/24`) to specify a range.

***

### Can subaccounts have different IP rules?

No. Subaccounts follow the CIDR rules of their parent account.

***

### How can I troubleshoot blocked access?

Check that:

* Your current IP matches one of the whitelisted CIDRs.
* There are no formatting or range-related issues with your entries.

***

## Related Resources

* [Voice: Firewall & Network Configuration](/voice/concepts/firewall-network-configuration/) — Plivo IP ranges and ports to whitelist on your firewall for SIP, RTP, and voice callbacks
* [Messaging: Firewall & Network Configuration](/messaging/concepts/firewall-network-configuration/) — Plivo IP ranges to whitelist on your firewall for messaging callbacks
* [Account Management FAQ](/faq/account/account-management/) — General account security best practices
