IP whitelist addresses for custom action API calls?

I know there is a IP whitelist for identifying whether a call comes from openai server or not for plugins, but when I used the custom action the IP address was my private networks, not openai. server’s. What’s the best way to verify if the caller is a GPT?

any reply to this also concerned about vision url requests for attached images that are served to select request IPs

I use ngrok to receive GPT calls and pass to my localhost, so the source IP is 127.0.0.1. However, at leat with ngrok, it adds a header to the request called x-forewarded-for, which contains the upstream sender ip. So you can test that header value for an allowlist against the openAI IP range, I check against:
23.102.140.112
13.66.11.96
plus a subnet mask.

Still looking for an answer to this one as well. Where can I find information on the OpenAI IP addresses or CIDR blocks so I can restrict access to my webhooks to those addresses?

https://platform.openai.com/docs/actions/production

plugins/actions

23.102.140.112/28
13.66.11.96/28
104.210.133.240/28

browser

23.98.142.176/28
40.84.180.224/28

training web scraper.

52.230.152.0/24
52.233.106.0/24
1 Like

YES!!! This is absolutely what I was looking for. Thank you!