IP security & authorization | Brevo API Documentation

IP security restricts API access to specific IP addresses. Only requests from whitelisted IPs are authorized, blocking unauthorized access to your account.

How IP security works

When enabled, Brevo validates the source IP address of each API request. Requests from unauthorized IPs are blocked, preventing access even if the API key is valid.

Configure authorized IPs

Open security settings

Click your name in the top-right corner, then select Security from the menu.

Navigate to Authorized IPs

Go to the Authorized IPs section in the Security menu.

Choose authorization method

Select one of two authorization methods:

Automatic authorization

Brevo automatically reviews IP addresses from API calls
IPs are authorized after security checks pass
No manual intervention required

Email notifications

Brevo sends email notifications for unknown IP addresses
You manually authorize IPs from the notification email
Requires manual approval for each new IP

Add IP addresses manually

Manually add specific IP addresses or IP ranges in the Authorized IPs tab. Enter IP addresses one per line or use CIDR notation for ranges.

Block unknown IPs

Enable “Block unknown IP addresses” to automatically reject requests from IPs not in your authorized list. This provides maximum security by blocking all unauthorized access attempts.

When “Block unknown IP addresses” is enabled, API requests from non-whitelisted IPs are immediately rejected. Ensure your server IPs are added to the authorized list before enabling this feature.

Use IP security to restrict API access to known servers and environments. This adds an extra layer of protection beyond API key authentication.