IP addresses and firewall rules
The Shippit APIs use an AWS application load balancer (ALB) for load balancing and high availability. This infrastructure design means that there are multiple dynamic IP addresses associated with the Shippit API endpoints. While IP addresses might seem static for a short period of time, there’s no guarantee that they are going to remain unchanged.
Avoid relying on static IP addresses when integrating with the Shippit APIs. Using the DNS name of the API endpoint is the most reliable and future-proof approach, ensuring that your integration remains stable and resilient to changes.
Static IP addresses
If you hardcode IP addresses in your application, this leads to integration failures when the IP addresses inevitably change.
Important: Don’t hardcode static IP addresses in your Shippit applications.
If your application relies on a single IP address, your application loses connectivity to the API when the IP address becomes unavailable. Additionally, manually updating IP addresses is time-consuming and error-prone.
As an alternative to hardcoding static IP addresses, use the DNS name of the API endpoint instead:
- Use the fully qualified domain name (FQDN) of the API endpoint, such as
http://app.shippit.com/api/3. - Perform DNS resolution for the API endpoint at runtime to make sure that it always connects to the current IP addresses.
- Some operating systems and programming languages cache DNS results. Depending on your use case, you might prefer to use regular DNS resolution.
Firewalls
If you need to restrict access to the Shippit APIs through a firewall, make sure you allow outbound traffic to the API endpoint’s DNS name. Most firewall rules allow for FQDN filtering. If your firewall doesn’t support this, consider using a proxy that can perform the FQDN filtering for you.
Allowed URLs
If you need to allow specific Shippit URLs, you can add them to your security allowlist. This section contains the important URLs and IP addresses to allow.
| Environment | URL |
|---|---|
| Shippit website | www.shippit.com |
| Shippit web app | app.shippit.com |
| Shipping labels, manifests, pack lists, and other Shippit-generated documents (Production) | shippit-web |
| Internal label storage URL before June 2025 (not publicly accessible) | https://shippit-web-production.s3-ap-southeast-2.amazonaws.com/uploads/label/ |
| Internal label storage URL after June 2025 (not publicly accessible) | https://shippit-web-production.s3.ap-southeast-2.amazonaws.com/uploads/label/ |
| Staging environment | staging.shippit.com |
| Shipping labels, manifests, pack lists, and other Shippit-generated documents (Staging) | shippit-web-staging |
| Internal staging label storage URL before June 2025 (not publicly accessible) | https://shippit-web-staging.s3-ap-southeast-2.amazonaws.com/uploads/label/ |
| Internal staging label storage URL after June 2025 (not publicly accessible) | https://shippit-web-staging.s3.ap-southeast-2.amazonaws.com/uploads/label/ |
These are the IP addresses uses across the Shippit staging and production environments. To avoid disruptions to your shipping, if you use any filtering tools such as firewall rules, rate limiters or bot protection appliances, make sure you have allowed these IP addresses:
| Environment | Service | IP addresses |
|---|---|---|
| Production (Integrations) | connect.shippit.comftp.connect.shippit.com | 35.201.10.192 35.189.3.93 35.244.126.92 35.201.8.180 43.243.201.102 |
| Production (App) | app.shippit.com | 13.210.185.17 54.153.239.182 54.66.78.172 13.237.179.89 13.239.82.79 54.66.178.150 |
| Staging (Integrations) | connect.shippit.mstaging.com.auftp.connect.shippit.mstaging.com.au | 35.201.29.80 35.189.19.225 35.197.184.111 35.189.28.13 150.101.219.130 |
| Staging (App) | app.staging.shippit.com | 13.236.33.173 3.24.54.217 54.252.46.117 3.25.12.66 13.237.176.114 3.104.51.126 |