🏠 Home ℹ️ About Us
📩 Contact Us 🔔 Notice
🔑 Log In 📝 Free Sign Up

Chapter 23 · Part 3

Request IP Whitelist

Whitelist the server IPs that call our SMS API and WABA API yourself — no waiting for support. An email confirmation step keeps your account safe: no IP goes live until a secure link is approved.

What is IP whitelisting?

IP whitelisting restricts your SMS API and WhatsApp Business API (WABA) access to a list of approved server IP addresses. Once the feature is enabled, the API accepts calls only from IPs on your whitelist — so even if your API credentials were ever stolen, they’d be useless from anywhere else.

This page makes whitelisting self-service: you submit the IPv4 address of your server, confirm the request through a secure single-use link sent to your registered account email(s), and the IP is activated the moment the link is approved — no waiting for support, and every step is written to a security log.

Before you start

  • Log in with the main account — sub accounts can’t request IP whitelisting. If you use a sub account, ask your main account administrator.
  • Two-Factor Authentication (2FA) must be enabled — only 2FA-protected accounts can request. The page shows your status; if 2FA is off, contact us to enable it first.
  • The IP whitelist feature must be enabled on your account — this is the setting that makes the API accept calls only from your approved IPs.
  • Have your IPv4 address(es) ready — maximum 2 per request, e.g. 203.0.113.10. IPv6 can’t be requested online; contact us and we’ll handle it.

From request to active IP

Submit request

Up to 2 IPv4 IPs

Email sent

Secure link to your email(s)

Open secure link

Valid for 24 hours only

Approve request

Approver email, IP & time recorded

IP active

Whitelisted immediately

Not approved within 24 hours? The link expires automatically and no IP is whitelisted — simply submit a new request.

The flow in detail

Phase 1 · Submitting a request

You submit a request Up to 2 IPv4 addresses System checks Format, duplicates, limits fail Rejected Error message shown pass Request saved as pending No IP is active yet Confirmation emails sent Unique link per account email You System Email Rejected

Phase 1 · Submitting a request from the member portal.

Nothing is whitelisted in phase 1 — the request just waits as pending. Every email address registered on your account receives the same request details, but each with its own unique link, so it’s always known exactly which address confirmed. Phase 2 is what happens when one of those links is opened:

Phase 2 · Confirming the request from your email

Open the email link Each link identifies its email Link validation Single-use, 24-hour expiry fail Invalid or expired Submit a new request valid Review and decide Approve or Reject button approve reject IP active immediately Everyone is notified Request rejected No changes made Email System You Approved Rejected

Phase 2 · Confirming the request from your email.

Your whitelist at a glance

Log in with your main account and open Account → Request IP Whitelist. The summary cards show where everything stands.

Whitelisted IPs
Active now
Pending
Awaiting email
Approved
Confirmed
Link validity
24 hours

Request a whitelist

  1. 1

    Check your security status

    The green box on the request form confirms your account meets the requirements — 2FA and the IP whitelist feature both showing enabled. The page also lists your currently whitelisted IPs and request history.

  2. 2

    Enter your IP address(es)

    Fill in IP Address 1 (e.g. 203.0.113.10) — a second IP is optional, maximum 2 per request, IPv4 only. Add a short Remark (e.g. “Production server”) for your own reference; it’s shown in the confirmation email.

  3. 3

    Send the confirmation email

    Click Send confirmation email and confirm the dialog. Only one request can be pending at a time — if one is already waiting, approve it from your email or cancel it in the history table first.

The Request IP Whitelist page: security requirement status, the request form with two IP address fields and a remark, the whitelist process flow, and the table of currently whitelisted API IPs.
Fig. 1The Request IP Whitelist page — requirements at the top, the request form, and your active IPs.
The Send confirmation email dialog: a secure 24-hour link will be emailed to the account email addresses, and the IP is only whitelisted after the link is approved.
Fig. 2Confirming the request — note the sender address shown here, and whitelist it in your mailbox so the email isn’t lost to spam.

Approve it from your email

  1. 1

    Check your inbox

    Every email address registered on your account receives the confirmation email, each with its own unique, single-use secure link that expires 24 hours after the request. If it doesn’t arrive within a few minutes, check your spam/junk folder and whitelist the sender address shown in the confirmation dialog.

  2. 2

    Review the request

    Click Review & approve request in the email. A secure page opens showing the full request — the IP address(es), remark, requester, request time, and the requester’s IP and browser. Check the details carefully. Just opening the link changes nothing; only pressing a button does.

  3. 3

    Approve — or reject

    If everything is correct, press Approve & whitelist now — the IPs go active for API access immediately. If you did not expect the request, press Reject request: nothing is whitelisted and every other link for that request stops working.

The confirmation email: the requested IP addresses and remark, a Review and approve request button, the link expiry time, and the requester's IP and browser.
Fig. 3The confirmation email — a unique secure link, bound to the address it was sent to.
The secure confirmation page: account, IP addresses, remark, request details, link expiry, and the Approve & whitelist now and Reject request buttons.
Fig. 4The secure review page — approve to activate immediately, or reject to stop the request.
The success page after approving: IP whitelisted successfully, the now-active IP addresses, who approved it, and confirmation that all account emails are notified.
Fig. 5Approved — the IPs are active for the API straight away.

Everyone is notified

After any decision, a notice goes to all registered account emails stating the outcome, who actioned it, from which IP, and when — an unexpected change can’t stay hidden. If you receive a notification you don’t recognise, contact us immediately.

The APPROVED notification email: the IP addresses now active on the API whitelist, plus who actioned it, from which IP, and when.
Fig. 6The approved notice — sent to every account email.
The REJECTED notification email: the request was rejected, no changes were made, plus who actioned it, from which IP, and when.
Fig. 7The rejected notice — no changes were made.

Track your requests

The request page keeps two searchable tables: Currently whitelisted API IPs (status and date added) and your Request history. A pending request can be cancelled any time — cancelling immediately invalidates the emailed links. To remove an already-whitelisted IP, please contact us; self-service covers adding IPs only.

  • PendingWaiting for email confirmation — check your inbox. The history shows the link’s expiry time.
  • ApprovedConfirmed and active, with the approver’s email and the time.
  • RejectedDeclined from the email link. No IP was whitelisted.
  • ExpiredNo one confirmed within 24 hours. Submit a new request if still needed.
  • CancelledYou cancelled it from the portal before confirmation.
Link says invalid or nothing to confirm? The link was already used (someone approved or rejected — check the status in your history), the request was cancelled, or the URL wasn’t copied completely. Always use the button, or the full link, from the newest email.
The request page tables: the How it works security rules, the currently whitelisted API IPs with status and date, and the request history with Approved, Rejected, and Cancelled entries.
Fig. 8Whitelisted IPs and request history — every request’s outcome, approver, and expiry is recorded.
One whitelist, both APIs. Approved IPs apply to your SMS API and WABA API calls alike — whitelist your server once and both are covered. Every step (request, email, click, decision) is written to the security log.
Need help?
Our team is happy to assist with anything in this guide. Contact us →

📱 SMS Coverage — All Countries Worldwide

A B C D E F G H I J K L M N O P Q R S T U V Y Z