Policy
In general, we do not recommend IP whitelisting our services since it can be fragile to maintain and there are almost always better ways of ensuring security and establishing authenticity.
Connections to Broadbean applications, Services, or APIs
Where Broadbean are hosting services (e.g. our Adcourier or Search products, or one of our APIs), we do not guarantee a consistent IP address or exclusive range. Many of our solutions are hosted in cloud services and the provider may change IP addresses in order to scale, upgrade or evolve the service. DNS is used to ensure that the provided domain names will always route requests to the current service IP addresses.
- If you want to whitelist access to Broadbean-hosted applications, services or APIs for your users, we recommend using domain whitelisting instead of IP whitelisting since it is more stable. This way, if the IP address changes our DNS will update and no change is needed in your configuration and users' access to the service will not be interrupted.
- For establishing authenticity you should always access using TLSv1.2 and ensure your policies verify that the certificate is valid.
Connections from Broadbean to external services
If you are hosting services or APIs with which Broadbean are integrated, we would recommend that you ensure strong TLS and authentication mechanisms are used in front of your APIs, since this will generally be the best way to confirm the identity and authenticity of requests and avoid the need for IP whitelisting.
We understand, however, that some clients or partners may still wish to additionally whitelist access to specific IP ranges in these situations. Since this configuration is outside of our control we can not easily determine where such whitelists are implemented. It is therefore unfortunately not possible for us to reliably directly inform individual contacts when we need to make changes to our infrastructure which may lead to IP addresses changes.
Instead, we will maintain a list of currently active Broadbean IP addresses for our outbound traffic below, in order that you can monitor and update configuration accordingly when necessary.
Currently active Broadbean IP addresses for outbound traffic:
You may also set up tools to automatically detect changes to this list by programmatically monitoring the same IP list in a JSON data structure format here
Although it may not always be possible, we will provide advanced notice of any changes to the IP ranges where we can, by updating these documents. If you do wish to whitelist Broadbean IP addresses it's important that you ensure you monitor these URLs reguarly and update your configurations accordingly when they change.