🔥 OpenAI's Undocumented IP Changes Are Breaking GPT Actions – *AGAIN* – Despite Official Promises

GPT builders
, ,
1

Hey @edwinarbus, @dlc-oai, and OpenAI Team,

I am forced to reopen this issue because it is happening again, despite previous assurances and the public shipping of a supposed fix.

:link: Reference to previous thread (now auto-closed):
OpenAI’s Undocumented IP Changes Are Breaking GPT Actions – Enough is Enough!

:stop_sign: The Issue (Confirmed April 26, 2025):

  • GPT Actions are connecting through undocumented IPs NOT listed in the official chatgpt-actions.json file.
  • Concrete evidence:
    • Traffic from 172.213.21.118
    • Official JSON only lists 172.213.21.0/28 → covers .0–.15
    • 172.213.21.118 is outside this range.
  • Result:
    Production GPTs fail silently again due to broken IP whitelists — with no warning, no heads-up, no fix.

:police_car_light: Why This Is Unacceptable:

  • It violates your prior public commitment to maintain an accurate IP list.
  • It destroys trust in GPT Actions as a reliable, production-ready platform.
  • Security and compliance policies depending on static IP whitelisting are actively undermined by OpenAI’s undocumented backend changes.
  • Developers are left scrambling yet again to diagnose and patch emergency issues that should not exist.

:loudspeaker: OpenAI: This Needs Immediate Action

We repeat our previous, still valid demands:

  1. Formal notification system: Email alerts, changelogs, or API signals for any IP changes.
  2. Real-time maintenance of chatgpt-actions.json — no more stealth updates.
  3. Full transparency on infrastructure expansions, regional deployments, and backend migrations that affect network behavior.

:red_exclamation_mark: Public Trust in GPT Actions is at Risk

If OpenAI wants Actions and Custom GPTs to be taken seriously in the enterprise and production-grade applications:

  • API and infrastructure stability is non-negotiable.
  • Silent, undocumented backend changes are absolutely unacceptable.
  • This must be treated as a high-priority incident, not as “developer feedback.”

:megaphone: Developers and Builders:

If you have experienced unexpected GPT Action failures,
please reply and share your experience here.

We need to show OpenAI that this is a systemic problem, not isolated.

:clap: A final reminder:

You cannot build a serious platform if your foundation moves without warning.

We demand better.

:writing_hand: – Martin Fürholz
Custom GPT Developer | Actions Builder | API Security Engineer

:raised_fist: Let’s make noise. Let’s demand real reliability.

2 Likes
2

Now also confirmed: 172.213.21.145 (outside any documented range) is being used for GPT Actions.

4

They do not give 2 cents.

1 Like
5

Sorry me maybe asking silly questions but why do you rely on IP? Is that for security? Isn’t it better to properly authorize tool calls from custom gpts?

1 Like
6

Linking this recent topic here because I noted that the same issue has been reported just recently.

4 Likes
7

Yes it is for security. I authorize the requests also as well, in addition.

8

Isn’t it a bit of an overkill? Unless your current implementation has “static” keys…

9

Hi! We've updated the list here: https://openai.com/chatgpt-actions.json.
Thanks for flagging this issue. The file will also include a creation time.

1 Like
10

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.