Brevo logs every IP address that tries to use the API keys and SMTP keys of your sub-organizations. To protect their keys, Brevo can automatically block requests from unknown IP addresses at the sub-organization level. Sub-organization users can also manually authorize trusted IP addresses to make sure they are never blocked.
For easier management, you can authorize trusted IP addresses directly from your New Admin account and share them with all your sub-organizations in one click. You can also enforce IP authorization across all sub-organizations to ensure consistent API and SMTP security at scale.
Good to know
- Authorizing IP addresses at the Admin account level does not restrict API calls made by the Admin account itself. It only allows you to share these IP addresses with all sub-organizations for centralized management.
- When you share IP addresses, they are added to each sub-organization's existing authorized IP list — they do not replace it. Shared IPs apply to both API keys and SMTP keys.
- If you stop sharing IP addresses, the shared IPs remain in each sub-organization's authorized IP list and are not automatically removed.
Manually authorize a trusted IP address from your Admin account
You can manually authorize IP addresses from your Admin account to ensure trusted
sources are always allowed across all your sub-organizations.
- From your Admin account, go to Security > Authorized IPs.
- Click Authorize IP address.
- From the IP address format dropdown, select the format of the IP address you want to authorize:
- IPv4
- IPv4 range (CIDR format)
- IPv6
- IPv6 range (CIDR format)
- Enter the IP address or IP address range you want to authorize.
- Click Authorize IP address.
The IP address appears in your Authorized IPs list and will not be blocked.
Enforce IP authorization for all sub-organizations
You can require all sub-organizations to keep IP authorization active for API keys, SMTP keys, or both. When enforced, sub-organizations cannot deactivate IP blocking for the selected key type, but they can still manage their own list of authorized IP addresses.
You can enforce IP authorization independently for API keys and SMTP keys. Select the key type you want to configure:
- From your Admin account, go to Security > Authorized IPs.
- Under Enforce IP authorization for all sub-accounts, click Enforce IP authorization for API keys.
- Click Enforce IP authorization for API keys again to confirm.
Once enforced, all sub-organizations are required to keep IP authorization active for API keys and cannot deactivate it.
- From your Admin account, go to Security > Authorized IPs.
- Under Enforce IP authorization for all sub-accounts, click Enforce IP authorization for SMTP keys.
- Click Enforce IP authorization for SMTP keys again to confirm.
Once enforced, all sub-organizations are required to keep IP authorization active for SMTP keys and cannot deactivate it.
Share authorized IP addresses with your sub-organizations
You can share the IP addresses you have authorized at the Admin account level with all your sub-organizations at once. Shared IPs are added to each sub-organization's existing authorized IP list and apply to both API keys and SMTP keys.
- From your Admin account, go to Security > Authorized IPs.
- Under Share your IP addresses with sub-accounts and third parties, click Share IP addresses.
- Click Start sharing to confirm.
The authorized IP addresses are automatically added to the Authorized IP addresses list of all your sub-organizations.
🤔 Have a question?
If you have a question, feel free to contact our support team by creating a ticket from your account. If you don't have an account yet, you can contact us here.
If you’re looking for help with a project using Brevo, we can match you with the right certified Brevo Agency partner.