This document lists the domains and IP addresses that must be whitelisted for communication between your environment and HiddenLayer. They are required for secure access to our services, for the various functionalities within our system, and for enabling supported outbound integrations.
Your firewall must support stateful connection tracking. A stateless firewall will drop the return packets from HiddenLayer's endpoints, causing TLS handshake failures and connection resets even if an outbound allow rule is in place.
Firewall rules must allow both GET and POST methods to all domains listed below. Method-based filtering that permits GET but blocks POST will prevent interaction data from being submitted to the console.
The following domains and IP addresses are required for connections from your environment to HiddenLayer services.
For broad access to all our environments, you can whitelist the following wildcard domains. These domains cover all necessary subdomains for general access.
| Domain |
|---|
| *.hiddenlayer.ai |

| Domain |
|---|
| *.us.hiddenlayer.ai |

| Domain |
|---|
| *.eu.hiddenlayer.ai |
For more fine-grained control or specific service access, the following subdomains should be whitelisted.
Console Access — This domain is used for accessing the management console.
| Region | Domain |
|---|---|
| US | console.us.hiddenlayer.ai |
| EU | console.eu.hiddenlayer.ai |
API Access — This domain is used for interacting with our APIs and submitting interaction data.
| Region | Domain |
|---|---|
| US | api.us.hiddenlayer.ai |
| EU | api.eu.hiddenlayer.ai |
Authentication Access — This domain is used for authentication and authorization services.
| Region | Domain |
|---|---|
| US | auth.us.hiddenlayer.ai |
| EU | auth.eu.hiddenlayer.ai |
The non-suffixed domains api.hiddenlayer.ai and auth.hiddenlayer.ai are aliases that default to the US region and are equivalent to api.us.hiddenlayer.ai and auth.us.hiddenlayer.ai. Use the region-specific subdomains for consistency across US and EU deployments.
If domain-based whitelisting is not available in your environment, the following IP addresses can be used for API and authentication access.
Some IPs below are managed by third-party infrastructure providers (AWS Global Accelerator and Cloudflare) and may change without notice. Domain-based whitelisting is always preferred for long-term stability. Use IP-based rules only if domain whitelisting is not available in your environment.
Authentication — auth.hiddenlayer.ai
| IP Address | Provider |
|---|---|
| 75.2.71.215 | AWS Global Accelerator (FusionAuth) |
| 99.83.245.24 | AWS Global Accelerator (FusionAuth) |
API — api.hiddenlayer.ai
| IP Address | Provider |
|---|---|
| 104.18.26.19 | Cloudflare |
| 104.18.27.19 | Cloudflare |
The following IP addresses are used by HiddenLayer when initiating outbound connections to your environment for integrations such as webhooks and Splunk data export. Please ensure that inbound connections from these IP addresses are permitted.
These IPs correspond to the public IP addresses of the NAT Gateways serving our SaaS environments.
| IP Address |
|---|
| 3.221.59.6 |
| 34.228.90.136 |
| 35.170.103.88 |

| IP Address |
|---|
| 3.66.107.41 |
| 3.77.95.231 |
| 18.185.151.6 |
| Symptom | Likely Cause | Action |
|---|---|---|
| Connection reset by peer after TLS Client Hello on auth.hiddenlayer.ai | Auth endpoint IP not whitelisted | Whitelist auth.hiddenlayer.ai or its IPs |
| ConnectError on token refresh in pod logs | auth.hiddenlayer.ai blocked | Verify auth.hiddenlayer.ai is reachable from inside the cluster |
| GET requests to api.hiddenlayer.ai succeed but POST fails | Method-based firewall rule blocking POST | Ensure all HTTP methods are permitted, not just GET |
| Error submitting to MLDR in pod logs | api.hiddenlayer.ai POST blocked | Verify POST is permitted on api.hiddenlayer.ai |
| Interactions not appearing in the console | MLDR submission failing silently | Confirm POST is permitted on api.hiddenlayer.ai |
| Connection resets despite domain being whitelisted | Non-stateful firewall dropping return packets | Confirm your firewall has stateful connection tracking enabled |
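
The checks in the troubleshooting table can be run from a host or pod inside your environment with a short script. This is an added example, not HiddenLayer tooling: it sends a GET and a POST to each host and maps the transport-level outcome onto the table's actions. The `probe` and `diagnose` names and the `/` probe path are assumptions made for illustration.

```python
import http.client
import socket

# Region-specific hosts from the tables above; use the .eu. names for EU tenants.
HOSTS = ["auth.us.hiddenlayer.ai", "api.us.hiddenlayer.ai"]

def probe(host, method, timeout=5):
    """Return 'ok' if any HTTP response arrives, else the transport failure."""
    conn = http.client.HTTPSConnection(host, timeout=timeout)
    try:
        # Assumption: "/" is only a probe target, not a documented endpoint.
        # Any status code, even 404 or 405, shows the request passed the firewall.
        conn.request(method, "/", body=b"" if method == "POST" else None)
        conn.getresponse().read()
        return "ok"
    except ConnectionResetError:      # includes http.client.RemoteDisconnected
        return "reset"
    except socket.timeout:
        return "timeout"
    except (OSError, http.client.HTTPException):
        return "error"
    finally:
        conn.close()

def diagnose(results):
    """Map {(host, method): outcome} onto the troubleshooting table's actions."""
    findings = []
    for host in sorted({h for h, _ in results}):
        get, post = results.get((host, "GET")), results.get((host, "POST"))
        if get == "ok" and post == "ok":
            continue
        if get == "ok":
            action = "POST blocked: ensure all HTTP methods are permitted, not just GET"
        elif get == "reset":
            action = ("connection reset: whitelist the domain or its IPs and "
                      "confirm stateful connection tracking is enabled")
        else:
            action = "unreachable: verify the domain is allowed from this host"
        findings.append((host, action))
    return findings

if __name__ == "__main__":
    outcomes = {(h, m): probe(h, m) for h in HOSTS for m in ("GET", "POST")}
    for host, action in diagnose(outcomes) or [("all hosts", "GET and POST succeeded")]:
        print(f"{host}: {action}")
```

A filtering proxy that answers a blocked POST with its own HTTP error page will still register as `ok` here, so compare the response against the proxy's logs if submissions keep failing.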