Views: 1768
Last Modified: 28.10.2021

When using Bitrix24 On-premise, network administrator must consider an option within the security policy to grant network access for REST-applications.

The following permissions must be granted to Bitrix24:

  • Outbound requests for oauth.bitrix.info (for app mechanism) and http://www.bitrix24.com (for applications marketplace).
  • Inbound requests from app servers (addresses depend from specific applications).

The following permissions must be granted for an app at the developer's server:

  • Outbound requests to oauth.bitrix.info.
  • Outbound requests to Bitrix24 Self-hosted server.
  • Inbound requests from servers mp_actions.*, when app uses event mechanisms, automation rules or custom workflow actions.

Current IP:

oauth.bitrix.info:

46.235.53.68
176.34.103.175

mp-actions.bitrix.info and mp-actions-us.bitrix.info:

195.208.187.23
35.170.160.36

Note: Bitrix24 tries to avoid changing these addresses, however, sometimes it happens. It's better to use IP addresses for specified resolved domain names.

In addition to these static URLs, dynamic URLs can be used for outbound webhooks. Send a query to https://dl.bitrix24.com/webhook/app.json to receive list of such URLs.

Example of query via curl:

$ curl https://dl.bitrix24.com/webhook/app.json
{
"nodes": ["195.208.184.200"]
}

Use the retrieved list of nodes array's IP addresses to update firewall rules. This list contains dynamically updated computer addresses receiving outbound webhooks at the moment of query.

Sampling frequency: 1 per minute max, but preferable once each 5 minutes. VM pool scaling mechanism is designed to pre-list 5 minutes before retrieving webhooks from a new address.




Courses developed by Bitrix24