DiscordStatus
Guias / Guides

Official Asaas IP Addresses

Asaas has official IP addresses used to communicate with external applications through Webhooks.

These IP addresses can be used to configure Firewall rules, WAF solutions (such as Cloudflare), Security Groups, proxies, or any other security mechanism responsible for controlling which origins are allowed to access your application.

Using an allowlist with Asaas IP addresses is a recommended practice to improve integration security.

When to use the official IP addresses

Official IP addresses are commonly used when:

  • your application is protected by a Firewall;
  • you use Cloudflare or AWS WAF;
  • there are origin-based restrictions;
  • only specific addresses are allowed to access your endpoint;
  • you want to improve the security of Webhook delivery.

In these scenarios, it is recommended to explicitly allow Asaas IP addresses and block unknown origins.

Official IP addresses

Currently, Asaas Webhooks are sent from the following IP addresses:

  • 52.67.12.206
  • 18.230.8.159
  • 54.94.136.112
  • 54.94.183.101
📘

Important

These IP addresses are used for Webhook communication in the production environment.

Usage example

The IP addresses can be added to:

  • Cloudflare rules;
  • AWS Security Groups;
  • Azure NSG;
  • Corporate Firewalls;
  • Reverse proxies;
  • Load balancers.

For example, in a Firewall configuration you can allow only Asaas IP addresses to access the Webhook endpoint:

Allow:
52.67.12.206
18.230.8.159
54.94.136.112
54.94.183.101

Block:
All other origins

Expected behavior

When the IP addresses are properly allowed:

  • Webhooks reach the application normally;
  • the queue remains active;
  • events are processed correctly;
  • HTTP 403 errors caused by Firewall rules do not occur.

If the IP addresses are blocked, it is common to observe:

  • HTTP 403 errors in the logs;
  • queue penalties;
  • queue interruption after 15 consecutive failures;
  • delays or lack of synchronization between systems.

Sandbox environment

Additional IP addresses may be used in the Sandbox environment.

If you are experiencing HTTP 403 errors in Sandbox, we recommend checking your Firewall or Cloudflare events to identify blocked requests and allow the corresponding IP addresses.

Best practices

  • Keep the official IP addresses permanently allowed.
  • Periodically review Firewall rules.
  • Monitor HTTP 403 errors in Webhook logs.
  • Consider the differences between Production and Sandbox environments.
  • Avoid blocking requests based on User-Agent or geolocation.
  • Periodically validate that Webhooks are being received correctly.
🚧

Attention

An incorrect Firewall configuration may prevent Webhook delivery, causing queue interruption and permanent event loss after 14 days.

Related content