IP whitelist addresses for custom action API calls?

I know there is an IP whitelist for identifying whether a call comes from an OpenAI server or not for plugins, but when I used the custom action the IP address was my private network’s, not the OpenAI server’s. What’s the best way to verify if the caller is a GPT?

Any reply to this? Also concerned about vision URL requests for attached images that are served to select request IPs.

I use ngrok to receive GPT calls and pass to my localhost, so the source IP is However, at least with ngrok, it adds a header to the request called x-forwarded-for, which contains the upstream sender IP. So you can test that header value for an allowlist against the OpenAI IP range, I check against:
plus a subnet mask.
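
The X-Forwarded-For allowlist check described in the post above, as an added example that is not part of the thread or any poster's code. The CIDR values are constructed placeholders (the thread does not give the real ranges), the function names are hypothetical, and it assumes exactly one trusted proxy (such as the tunnel) sits in front of the app, so only the rightmost header entry is trusted.

```python
import ipaddress

# Constructed placeholder ranges (RFC 5737 documentation networks), NOT the real
# OpenAI egress ranges; load the published CIDR blocks here instead.
ALLOWED_CIDRS = [ipaddress.ip_network(c) for c in ("192.0.2.0/24", "198.51.100.16/28")]


def client_ip_from_xff(xff_header, trusted_hops=1):
    """Return the address recorded by our own proxy, or None if unusable.

    Each proxy appends the peer it saw to the right-hand end of the header, so
    with one trusted proxy in front of the app only the last entry is reliable;
    anything further left was supplied by the caller and can be forged.
    """
    if not xff_header or trusted_hops < 1:
        return None
    hops = [h.strip() for h in xff_header.split(",") if h.strip()]
    if len(hops) < trusted_hops:
        return None
    try:
        return ipaddress.ip_address(hops[-trusted_hops])
    except ValueError:
        return None  # malformed entry: treat the request as unverified


def is_allowed(headers, allowed=ALLOWED_CIDRS, trusted_hops=1):
    """True only if the proxy-recorded client address is inside the allowlist."""
    # Header names are case-insensitive, so normalise before the lookup.
    lowered = {k.lower(): v for k, v in headers.items()}
    ip = client_ip_from_xff(lowered.get("x-forwarded-for"), trusted_hops)
    return ip is not None and any(ip in net for net in allowed)


if __name__ == "__main__":
    # Constructed sample requests.
    samples = [
        {"X-Forwarded-For": "192.0.2.44"},               # inside allowlist
        {"X-Forwarded-For": "192.0.2.44, 203.0.113.9"},  # forged left entry
        {"x-forwarded-for": "198.51.100.32"},            # just outside the /28
        {},                                              # header missing
    ]
    for s in samples:
        print(s, "->", "allow" if is_allowed(s) else "deny")
```

A source-IP check only shows where the request came from; the header is meaningful only when the app is reachable solely through the proxy that sets it.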

Still looking for an answer to this one as well. Where can I find information on the OpenAI IP addresses or CIDR blocks so I can restrict access to my webhooks to those addresses?




YES!!! This is absolutely what I was looking for. Thank you!