Outbound IP Whitelisting

EntryGuard manages firewall rules on your cloud resources by making API calls from its backend servers. All outbound traffic exits through a fixed IP address (the NAT gateway). If your target services restrict inbound API access, you need to whitelist this IP.

When Do You Need This?

You need to whitelist EntryGuard's outbound IP when the cloud resource or service you're managing has its own firewall or access control that blocks unknown callers. Common examples:

APISIX Admin API behind a firewall
Cloud provider APIs accessed through a VPN or restricted network
Self-hosted services with IP-based API access control

If you're using standard AWS Security Groups with default API access, you typically don't need to do anything — AWS APIs are publicly accessible with proper IAM credentials.

Finding the Outbound IP

In the Dashboard

Log in as an admin
Navigate to Settings
The Outbound IP card shows the IP address with a copy button

Via API

curl https://api.entryguard.io/api/v1/platform-info

Response:

{
  "outboundIp": "92.5.112.209"
}

This endpoint is public and requires no authentication.

Applying the Whitelist

Add the outbound IP to your service's allow list. For example, if your APISIX admin API only accepts connections from trusted IPs, add EntryGuard's outbound IP to that list so EntryGuard can apply and revoke upstream route rules on your behalf.

The outbound IP is static and will not change unless explicitly communicated. If it ever changes, you will be notified in advance.

When Do You Need This?​

Finding the Outbound IP​

In the Dashboard​

Via API​

Applying the Whitelist​

When Do You Need This?

Finding the Outbound IP

In the Dashboard

Via API

Applying the Whitelist