For AI agents: a documentation index is available at the root level at /llms.txt and /llms-full.txt. Append /llms.txt to any URL for a page-level index, or .md for the markdown version of any page.
Help CenterAPI KeysStatusSign In
GuidesAPI ReferenceChangelog
GuidesAPI ReferenceChangelog
  • Getting started
    • Overview
    • Quickstart
    • Authentication
      • API key authentication
      • IP security
    • Rate limits
  • Messaging API
    • Send transactional email
    • Send transactional SMS
    • Send transactional WhatsApp
  • Marketing Platform
    • Manage your contacts
    • Track website activity
    • Send WhatsApp campaigns
    • Weekly event exports
  • Webhooks
    • Getting started
    • Conversations webhooks
    • Payment webhooks
    • Marketing webhooks
    • Transactional webhooks
    • Loyalty webhooks
    • Batched webhooks
    • Secure webhook calls
    • Meetings and phone webhooks
    • Push notification webhooks
    • Sales CRM webhooks
  • Conversations
    • Getting started
    • Customize the chat widget
    • JavaScript API reference
    • REST API reference
    • Conversations webhooks
  • eCommerce
    • Activate eCommerce app
    • Manage product categories
    • Manage products
    • Manage orders
    • Coupon collections
    • eCommerce tracker events
  • Loyalty
    • Overview
    • Set up a program
    • Enroll members
    • Credit & debit points
    • Read member data
    • Best practices
  • Custom Objects
    • Custom objects management
  • Brevo tracker and events
    • Getting started
    • JavaScript implementation
    • REST implementation
    • Legacy tracker documentation
    • Events
  • Accounts and settings
    • Senders and domains
    • User activity logs
    • External feeds
    • Invited users
LogoLogo
Help CenterAPI KeysStatusSign In
On this page
  • How IP security works
  • Configure authorized IPs
  • Block unknown IPs
Getting startedAuthentication

IP security & authorization

Restrict API access to authorized IP addresses
Was this page helpful?
Previous

Rate limits

Understand API rate limits and how to handle rate limit responses
Next
Built with

IP security restricts API access to specific IP addresses. Only requests from whitelisted IPs are authorized, blocking unauthorized access to your account.

How IP security works

When enabled, Brevo validates the source IP address of each API request. Requests from unauthorized IPs are blocked even if the API key is valid.

Configure authorized IPs

1

Open security settings

Click your name in the top-right corner, then select Security from the menu.

2

Navigate to Authorized IPs

Go to the Authorized IPs section in the Security menu.

Security settings

3

Choose authorization method

Select one of two authorization methods:

Automatic authorization

  • Brevo automatically reviews IP addresses from API calls
  • IPs are authorized after security checks pass
  • No manual intervention required

Email notifications

  • Brevo sends email notifications for unknown IP addresses
  • You manually authorize IPs from the notification email
  • Requires manual approval for each new IP
4

Add IP addresses manually

Manually add specific IP addresses or IP ranges in the Authorized IPs tab. Enter IP addresses one per line or use CIDR notation for ranges.

Authorized IPs

Block unknown IPs

Enable “Block unknown IP addresses” to automatically reject requests from IPs not in your authorized list. This blocks all unauthorized access attempts.

When “Block unknown IP addresses” is enabled, API requests from non-whitelisted IPs are rejected immediately. Add your server IPs to the authorized list before enabling this feature.

Use IP security to restrict API access to known servers and environments — an extra layer of protection beyond API key authentication.