Authorize IP addresses for API calls to improve security

💡 Good to know
This feature is enabled by default for all Brevo accounts created after May 16, 2024. To learn how to disable it, check our dedicated section Disable the IP address detection and authorization.

Every time someone makes an API call using your account, their IP address is registered on Brevo and can be used to identify where the API call came from. By authorizing specific IP addresses, Brevo will only accept API requests that come from those authorized IPs. This helps secure your Brevo account and keep your data private.

Good to know

  • Brevo allows you to use an API key and API calls to perform actions remotely like sending emails, SMS, and transactional emails.
    ➡️ To learn more about API keys, check our dedicated article Create and manage your API keys.
  • Only account owners or users with the SMTP & API - Authorized IPs permission can authorize new IP addresses.

Choose how you want to handle IP addresses in API calls

To access the Authorized IPs page, click the account dropdown > Security > Authorized IPs

From there, you have three options to decide how you want to handle IP addresses in API calls:

  • Option 1. Let Brevo's powerful algorithm authorize IP addresses and only review the ones that are suspicious (default behavior for accounts created after May 16, 2024)
  • Option 2. Manually authorize IP addresses and review all unknown IP addresses
  • Option 3. Disable the Authorized IPs feature and allow all IP addresses to make API calls

Option 1. Automatically authorize IP addresses

By default, this option is enabled on all Brevo accounts created after May 16, 2024. It is the quickest and safest way to secure who makes API calls on your account. Brevo's powerful algorithm automatically reviews every unknown IP address attempting to make API calls and authorizes the ones it deems trustworthy, without you needing to do anything.

If Brevo can't automatically authorize an IP address, we'll send you an email. The email will provide you with the following options:

  • Authorize the new IP address.
  • Choose not to authorize it and update the API key instead.
  • Disable the review of IP addresses and authorize all new ones automatically.

Once an IP address is authorized, it is added to the list of authorized IP addresses ⬇️:

Option 2. Authorize and review unknown IP addresses yourself

When you select this option, Brevo's powerful algorithm automatically reviews every unknown IP address attempting to make API calls. If an IP address appears suspicious, the API call is blocked. However, you will have the ability to manually authorize it yourself, if necessary.

➡️ To learn how to manually authorize a new IP address, check our dedicated section Manually authorize new IP addresses.

Option 3. Disable the IP address detection and authorization

If you disable IP address authorization, all IP addresses making API calls on your account will be accepted automatically. The filtering process for API calls will stop, and the list of authorized IP addresses will be removed from the Authorized IPs page.

Manually authorize new IP addresses

When you choose to automatically authorize IP addresses (option 1) or authorize and review unknown IP addresses yourself (option 2), we give you the ability to manually authorize new IP addresses directly from Brevo:

  1. Go to the Authorized IPs page.
  2. Click Authorize new IP address
  3. Type the IP address or IP address range you want to authorize.
    💡 Good to know
    An IP address is structured as a sequence of 4 numbers separated by dots, with each number ranging from 0 to 255 (e.g., 118.29.251.24). An IP address range is a group of IP addresses (e.g., 192.168.0/16).
  4. Click Authorize new IP

The IP address has been added to the list of authorized IPs and will be able to make API calls on your account.

Manually remove authorized IP addresses

As we saw earlier, when an IP address is authorized, it is added to the list of Authorized IP addresses for API calls on the Authorized IPs page. From there, you can also manually remove an IP address:

  1. Go to the Authorized IPs page. 
  2. Select the IP address you want to remove. 
  3. Click Remove this authorized IP address

The IP address has been removed and cannot make API calls anymore.

❗️ Important
Note that if automatic authorization is enabled, an IP you previously removed can be authorized again if it makes another API call and is deemed trustworthy.

🤔 Have a question?

If you have a question, feel free to contact our support team by creating a ticket from your account. If you don't have an account yet, you can contact us here.

If you’re looking for help with a project using Brevo, we can match you with the right certified Brevo expert partner.

💬 Was this article helpful?

5 out of 12 found this helpful