IP allowlisting
Overview
If your infrastructure requires IP-based access controls, you can add ElevenLabs’ static egress IP addresses to your firewall allowlist. All outbound requests from ElevenLabs services—including webhooks, WebSocket connections, and MCP server requests—originate from these addresses.
Static egress IPs
The following IP addresses are used for all ElevenLabs services:
Data residency IPs
If you are using a data residency region, outbound requests use the following IPs:
These static IPs are used across all ElevenLabs services and will remain consistent. If ElevenLabs adds new IPs, we will communicate changes in advance through the changelog.
When to use IP allowlisting
IP allowlisting is useful when:
- Your webhook endpoints are behind a firewall that restricts inbound traffic
- Your Speech Engine server only accepts connections from known sources
- Your MCP server integration requires IP-based access controls
- Your SIP trunk provider requires IP allowlisting for authentication
Services that use these IPs
The static egress IPs apply to all outbound requests from ElevenLabs, including:
- Post-call webhooks: Notifications sent after ElevenAgents calls complete. See post-call webhooks.
- Speech Engine: WebSocket connections from ElevenLabs to your server. See Speech Engine.
- MCP server requests: Requests to your Model Context Protocol servers. See MCP security.
- Webhook tools: Outbound calls from agent webhook tools.
Security recommendations
For webhook endpoints, use IP allowlisting together with HMAC signature validation to verify that requests originate from ElevenLabs.
For Speech Engine servers, IP allowlisting can replace or supplement JWT verification. If your server sits behind infrastructure that restricts traffic to ElevenLabs’ egress IPs, you can disable JWT verification by setting disableAuth: true (TypeScript) or disable_auth=True (Python). See the JavaScript SDK reference or Python SDK reference for details.
Only disable authentication if you have IP allowlisting or equivalent network-level restrictions in place. Without one, anyone on the internet can open a session and consume your resources.
API key IP restrictions
You can also restrict your ElevenLabs API keys to only work from specific IP addresses. This is a separate feature from egress IP allowlisting and controls which IPs can make requests to the ElevenLabs API.
See API key IP allowlisting for details.