I know there is a IP whitelist for identifying whether a call comes from openai server or not for plugins, but when I used the custom action the IP address was my private networks, not openai. server’s. What’s the best way to verify if the caller is a GPT?
any reply to this also concerned about vision url requests for attached images that are served to select request IPs
I use ngrok to receive GPT calls and pass to my localhost, so the source IP is 127.0.0.1. However, at leat with ngrok, it adds a header to the request called x-forewarded-for, which contains the upstream sender ip. So you can test that header value for an allowlist against the openAI IP range, I check against:
23.102.140.112
13.66.11.96
plus a subnet mask.
Still looking for an answer to this one as well. Where can I find information on the OpenAI IP addresses or CIDR blocks so I can restrict access to my webhooks to those addresses?
https://platform.openai.com/docs/actions/production
plugins/actions
23.102.140.112/28
13.66.11.96/28
104.210.133.240/28
browser
23.98.142.176/28
40.84.180.224/28
training web scraper.
52.230.152.0/24
52.233.106.0/24
YES!!! This is absolutely what I was looking for. Thank you!
is there an endpoint to get these egress cidrs as json or txt?