We have an API that provides a JSON object listing all the IP addresses that Instart might use to contact our customers' origin servers. This is especially useful when you need to know if the request is coming from an Instart service rather than directly from end users. We refer to this as Origin Cloaking. It provides added protection by creating an exclusive connection between the Instart cloud and your site. Rogue traffic from non-Instart networks is safely blocked and the Instart cloud sends only valid HTTP and HTTPS traffic to your site. In addition to only passing “clean” traffic, this offloads connection acceptance and SSL overhead.
In particular, Intrusion Detection Systems (IDS) must be configured to whitelist these addresses.
The API endpoint is
If you have any questions, please contact Support.