Brevo logs every IP address attempting to make API calls using one of your API keys. This allows you to verify their origin and ensure the call is authorized. For added security, you can:
- Decide how to manage unknown IP addresses when an API call is made, and
- Manually add an IP address to your list of authorized IP addresses.
Good to know
Only account owners or users with the SMTP & API - Authorized IPs permission can add an IP address to the list of authorized IP addresses.
Decide how to manage unknown IP addresses when an API call is made
When an API call is made using an unknown IP address, you can choose to manage it in the following ways:
-
Option 1: Let Brevo automatically review and authorize unknown IP addresses on your behalf [Recommended]
Allow Brevo to automatically authorize unknown IP addresses, while you manually review the ones that seem suspiscious. -
Option 2: Manually review and authorize unknown IP addresses
Manually review and authorize each unknown IP address before allowing API calls. -
Option 3: Do not review unknown IP addresses
Allow unknown IP addresses to make API calls without any review.
Option 1: Let Brevo automatically review and authorize unknown IP addresses on your behalf [Recommended]
This option is automatically activated on all Brevo accounts 30 days after the creation of your first API key. Any IP addresses used during this period will be considered trustworthy. If you activate the option on your own within those 30 days, your IP addresses will not be recognized and could be blocked. To prevent this, you can manually add them to your list of authorized IP addresses.
The fastest and most secure way to protect your API calls is to let Brevo review all IP addresses and automatically approve authorized IP addresses and unknown IP addresses that are considered trustworthy, including those used during the first 30 days after creating your first API key.
If Brevo cannot automatically authorize an unknown IP address, the API call will be blocked and you will receive an email with the following options:
- Authorize the unknown IP address.
- Deny authorization and update the API key.
- Deactivate the automatic review and blocking to automatically authorize all IP addresses.
Once an IP address is approved, it will be automatically added to your list of authorized IP addresses .
Option 2: Manually review and authorize unknown IP addresses
Another way to protect your API calls is to let Brevo review all IP addresses and automatically approve only authorized ones.
If an IP address cannot be automatically authorized, the API call will be blocked. You can then manually review the IP address and add it to your list of authorized IP addresses if needed.
Option 3: Do not review unknown IP addresses
If you deactivate the review and blocking of IP addresses, any IP address attempting to make API calls using one of your API keys will be accepted automatically.
Your list of authorized IPs will be saved in case you choose to activate the feature again later.
Manually add an IP address to your list of authorized IP addresses
To prevent trusted IP addresses from being blocked, you can proactively add them to your list of authorized IP addresses. This ensures that any API calls from these addresses won't be blocked and will let Brevo automatically review and authorize unknown IP addresses on your behalf.
- Go to your account name and select Security > Authorized IPs.
- Click Add authorized IP address.
- Type the IP address or IP address range you want to authorize.
💡 Good to knowAn IP address is structured as a sequence of 4 numbers separated by dots, with each number ranging from 0 to 255 (e.g., 118.29.251.24). An IP address range is a group of IP addresses (e.g., 192.168.0/16). - Click Add authorized IP address.
The IP address has been added to your list of authorized IP addresses.
Manually remove an IP address from your list of authorized IP addresses
When an IP address is authorized, it is added to your list of authorized IP addresses. If needed, you can also manually remove an IP address.
- Go to your account name and select Security > Authorized IPs.
- Select the IP address you want to remove.
- Click Delete this authorized IP address.
- Click Delete IP address.
The IP address has been removed and cannot be used to make API calls anymore.
🤔 Have a question?
If you have a question, feel free to contact our support team by creating a ticket from your account. If you don't have an account yet, you can contact us here.
If you’re looking for help with a project using Brevo, we can match you with the right certified Brevo expert partner.