Fetching our IP ranges via API
This endpoint returns the IP ranges DeployHQ deploys from, so you can allowlist them on your server's firewall. Unlike the rest of our API, it requires no authentication, which makes it easy to fetch on a schedule and keep your firewall rules current.
For the human-readable version, see Which IP addresses should I allow through my firewall?.
Tip: You can explore and test this endpoint interactively using our OpenAPI documentation.
List IP Ranges
URL
/ip_ranges
HTTP Method
GET
Authentication
None. This endpoint is public.
Example cURL request
curl -H "Accept: application/json" \
https://test.deployhq.com/ip_ranges
Example Response
{
"shared": {
"ipv4": ["185.22.211.30", "185.22.211.31"],
"ipv6": []
},
"zones": {
"uk": {
"name": "UK Zone",
"ipv4": ["185.22.211.36", "185.22.211.97"],
"ipv6": ["2a03:2800:0300::/64"]
}
},
"network_agent": {
"ipv4": ["185.44.252.50", "185.44.252.51"],
"ipv6": ["2a03:2800:500::20", "2a03:2800:500::77"]
},
"all_ipv4": ["185.22.211.30", "185.22.211.31", "185.22.211.36", "185.22.211.97", "185.44.252.50", "185.44.252.51"],
"all_ipv6": ["2a03:2800:0300::/64", "2a03:2800:500::20", "2a03:2800:500::77"],
"ports": [
{ "protocol": "SSH/SFTP", "description": "port 22" }
]
}
Fields
| Field | Description |
|---|---|
shared |
The IP range every project must allow, regardless of zone |
zones |
Per-zone breakdown. Allow the shared range plus the range for the zone your project runs in |
network_agent |
Extra IPs required only if you deploy through a network agent |
all_ipv4 |
Every IPv4 address and range across the shared, zone, and network-agent groups, de-duplicated |
all_ipv6 |
Every IPv6 range across the shared, zone, and network-agent groups, de-duplicated |
ports |
The ports that must be open on your firewall, by protocol |
If you only need a single flat list to feed into a firewall rule, use all_ipv4 and all_ipv6. If you want to allow only the range your project actually uses, combine shared with the relevant entry under zones.