IP Allowlisting

The Partner API is protected by an IP allowlist (sometimes called an “IP whitelist”). We enforce this for both sandbox and production. Because the API includes device control capabilities, allowlisting reduces risk by limiting access to known, trusted networks and helps ensure we meet our security expectations.

Why we require an allowlist

Reduce attack surface beyond credentials alone
Protect device control endpoints (e.g. sending schedules or standby commands)
Align with customer and platform security policies
Apply the same controls to sandbox, which runs within our production perimeter

What you need to provide

Please supply the following so we can configure access:

One or more public egress IPv4 addresses or CIDR ranges for your integration servers
Which environments they apply to: Sandbox, Production, or both
An optional label/owner for each range (team, system, runner, etc.)

Multiple ranges are supported. If you need IPv6, contact us to discuss options.

Guidance for common setups

Cloud NAT / Firewall: Use a static egress IP (for example, a NAT gateway) and share that IP or range
Local development: Use a VPN with a fixed egress IP, or test via your staging environment that has a fixed egress IP

How to request or update the allowlist

During onboarding: Include your IP addresses/ranges in your initial request or onboarding survey
Post‑onboarding: Email your technical contact or support@utopi.co.uk with the ranges and target environment(s)

We’ll confirm once the configuration is in place. If you’re rotating IPs, send new ranges before removing old ones to avoid downtime.

Why we require an allowlist​

What you need to provide​

Guidance for common setups​

How to request or update the allowlist​

Why we require an allowlist

What you need to provide

Guidance for common setups

How to request or update the allowlist