# IP whitelists

IP whitelisting allows you to ensure traffic to/from Workato is not hijacked by a malicious website.

# Traffic from Workato

Traffic from Workato will use the following IP address. Each data center will use a unqiue set of IP addresses.

US Data Center EU Data Center SG Data Center
  • 52.5.142.59
  • 34.226.132.221
  • 52.54.43.157
  • 3.65.225.246
  • 3.66.45.94
  • 18.198.249.58
  • 13.215.42.244
  • 18.141.131.114
  • 52.74.226.121

You can add these IP addresses to your application/firewall whitelist. Add all three IP addresses to the whitelist to ensure continuous access.

# Example whitelist configuration

If you have a recipe that accesses a MySQL server running on an Amazon EC2 machine, with a special user called integrationuser, you can run the following SQL command on your database to whitelist the Workato IP addresses.

GRANT ALL ON db1.*
TO 'integrationuser'@'52.5.142.59',
'integrationuser'@'34.226.132.221',
'integrationuser'@'52.54.43.157';

# Traffic to Workato

# On-premise agent

Workato's on-premise agent (OPA) provides a secure way for Workato to selectively access customer-authorized on-prem apps, databases, and folders without having to open inbound ‘ports’ in the corporate firewall.

The OPA makes an outbound connection to the Workato cloud's on-premise gateways with the following domain names / IP addresses.

Each data center will use a unique set of IP addresses.

# On-premise Gateway addresses

Host name US Data Center EU Data Center SG Data Center
sg FQDN: sg.workato.com
IPs:
  • 34.192.94.13
  • 34.195.128.7
  • 34.226.84.130
N.A
N.A
sg1 FQDN: sg1.workato.com
IPs:
  • 50.16.101.13
  • 54.84.241.116
  • 34.237.50.149
FQDN: sg1.eu.workato.com
IPs:
  • 18.193.100.169
  • 3.65.178.110
  • 18.198.138.101
N.A
sg2 FQDN: sg2.workato.com
IPs:
  • 34.204.129.29
  • 34.228.172.35
  • 54.83.143.113
FQDN: sg2.eu.workato.com
IPs:
  • 52.57.169.138
  • 3.65.171.53
  • 54.93.132.62
N.A
sg3 FQDN: sg3.workato.com
IPs:
  • 54.224.75.148
  • 52.206.161.203
  • 52.204.114.159
FQDN: sg3.eu.workato.com
IPs:
  • 3.123.148.167
  • 18.192.102.156
  • 52.29.133.142
FQDN: sg3.sg.workato.com
IPs:
  • 52.76.214.244
  • 13.215.168.151
  • 54.255.216.78
sg4 FQDN: sg4.workato.com
IPs:
  • 54.91.65.247
  • 54.221.112.165
  • 3.216.209.184
FQDN: sg4.eu.workato.com
IPs:
  • 3.72.205.158
  • 18.156.149.92
  • 52.58.222.49
FQDN: sg4.sg.workato.com
IPs:
  • 52.221.44.179
  • 52.221.46.218
  • 18.138.33.21

All Workato IP address uses TCP port 443

# On-premise Gateway IP Address Whitelisting

If your organization has strict outbound traffic rules, you will need to whitelist the OPA's access to the Workato cloud.

Firewall whitelists should allow outbound TCP connections from the OPA to port 443 on the On-premise gateway addresses listed above.

# DNS resolution of FQDNs

Some organizations also restrict DNS resolutions in the machines/networks where the OPA may run. Please ensure that the machine where OPA will be running can resolve the IP addresses of the On-premise Gateway's FQDNs as listed above.

# Custom APIM domains

When using custom domains for API recipes, client traffic will be routed to the following set of IP addresses. Each data center will use a unqiue set of IP addresses.

US Data Center EU Data Center SG Data Center
  • 18.211.121.35
  • 34.232.254.255
  • 52.203.235.136
  • 3.127.182.4
  • 3.64.168.57
  • 3.66.114.67
  • 18.136.28.27
  • 13.215.62.220
  • 13.214.235.186

# General (browsers, webhooks, API endpoints)

All other traffic to Workato:

  • Browser based user interaction and webhooks at www.workato.com
  • API endpoint requests at apim.workato.com

may be served by a different set of IP addresses, distinct from IP addresses mentioned in the previous sections. This set may expand and contract based on overall platform utilization, so it is not completely static.