Outbound calls
IP addresses are subject to change. In the event of an IP address change, Auth0 sends notifications several months before changes take place. The lists are up-to-date at the time of writing.
Public Cloud
For Public Cloud tenants, the IP addresses that you must allow through your firewall are specific to the tenant’s region.
Machine-readable list
You can access a machine-readable list of the IP CIDR ranges from Auth0 CDN: https://cdn.auth0.com/ip-ranges.json.
Schema
The machine-readable list contains the following properties:

| Property | Data type | Description |
|---|---|---|
| last_updated_at | timestamp (ISO8601) | When the list was most recently updated. |
| regions | object | Collection of Auth0 tenant regions. Each tenant region object contains the following property: * ipv4_cidrs: Array of strings. List of IPv4 CIDR ranges for the given region. |
| changelog | array of objects | Historical record of any and all addition or removal of IP CIDR ranges. Each object contains the following properties: * date: String. Timestamp in YYYY-MM-DD format. * region: String. Affected Auth0 region. * action: String. Action performed. Possible values are: add, remove. * ipv4_cidrs: Array of strings. List of affected CIDR ranges. |

Detecting changes
You can detect changes to the machine-readable list programmatically based on the last_updated_at property or based on Auth0’s response to a conditional HTTP request. If you send a conditional HTTP request, you can use either the If-None-Match or If-Modified-Since header. If the list has been changed, Auth0 returns a 200 (OK) HTTP response with the updated list in the body. Otherwise, Auth0 returns a 304 (Not Modified) response without a body. To learn more about conditional HTTP requests, read RFC 9110: HTTP Semantics on RFC Editor.
Example of conditional HTTP request (If-None-Match header)
Example of conditional HTTP request (If-Modified-Since header)
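The change-detection flow described above, as an added example (not Auth0's own code): a conditional GET that sends If-None-Match or If-Modified-Since, followed by validation of the returned CIDRs and a diff against the saved allowlist. The region key "example", the min_prefix bound, the saved-state layout and the sample document are assumptions constructed for illustration.

```python
import ipaddress
import json
import urllib.error
import urllib.request

URL = "https://cdn.auth0.com/ip-ranges.json"  # URL given on the page

def fetch(state):
    """Conditional GET using validators saved from the previous 200 response."""
    req = urllib.request.Request(URL)
    if state.get("etag"):
        req.add_header("If-None-Match", state["etag"])
    elif state.get("last_modified"):
        req.add_header("If-Modified-Since", state["last_modified"])
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, {k.lower(): v for k, v in resp.headers.items()}, resp.read()
    except urllib.error.HTTPError as err:
        if err.code == 304:  # urllib surfaces 304 Not Modified as an HTTPError
            return 304, {}, b""
        raise

def apply_response(state, region, status, headers, body, min_prefix=16):
    """Return (new_state, added, removed) for one region; headers use lower-case keys."""
    if status == 304:
        return state, set(), set()
    doc = json.loads(body)
    if doc["last_updated_at"] == state.get("last_updated_at"):
        return state, set(), set()  # body re-sent, but the list itself is unchanged
    cidrs = set()
    for text in doc["regions"][region]["ipv4_cidrs"]:
        net = ipaddress.IPv4Network(text)  # ValueError on malformed or host-bit input
        if net.prefixlen < min_prefix:  # assumed sanity bound, not an Auth0 rule
            raise ValueError(f"refusing overly broad range {text}")
        cidrs.add(str(net))
    old = set(state.get("cidrs", []))
    new_state = {"etag": headers.get("etag"), "last_modified": headers.get("last-modified"),
                 "last_updated_at": doc["last_updated_at"], "cidrs": sorted(cidrs)}
    return new_state, cidrs - old, old - cidrs

# Constructed sample (documentation-only address ranges, hypothetical region key).
SAMPLE = json.dumps({"last_updated_at": "2024-01-01T00:00:00Z",
                     "regions": {"example": {"ipv4_cidrs": ["192.0.2.10/32", "198.51.100.0/24"]}},
                     "changelog": []}).encode()

if __name__ == "__main__":
    saved = {"cidrs": ["192.0.2.10/32", "203.0.113.7/32"]}
    saved, added, removed = apply_response(saved, "example", 200, {"etag": '"v2"'}, SAMPLE)
    print("allow:", sorted(added), "revoke:", sorted(removed))
```

Validating each range before it reaches the firewall means a malformed or unexpectedly broad entry stops the update instead of widening the allowlist.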
Outbound IP addresses by region
The IP addresses for each region are listed below:
United States
Europe
Australia
Canada
Japan
United Kingdom
Private Cloud
For Private Cloud tenants, the IP addresses that you must allow through your firewall are unique to the tenant’s environment. Auth0 may receive your tenant’s private IP addresses if you enable features like Tenant Logs, , Custom Databases, and Actions that rely on them. These IP addresses are known as Primary Egress IPs and are listed under the environment’s configuration data available in the Auth0 Support Center.
Inbound calls
IP addresses related to inbound calls to Auth0 may be variable due to the lack of fixed IP addresses on the load balancers. In this case, firewall rules should operate on the name of the service (for example: <YOUR_TENANT>.<YOUR_REGION>.auth0.com).
If your Auth0 subscription allows you to configure a self-managed custom domain, you can configure that custom domain to have a static IP address. Self-managed custom domains give you control over the network entry point and let you ensure that the IP address is fixed. For information on subscription plans, see Auth0 Pricing.