Outbound IP Addresses
Introduction
When Moveo makes outbound calls to your systems — agent webhooks POSTing to your backend, or the knowledge-base crawler fetching your website — the traffic leaves our infrastructure through a small, stable set of public NAT IP addresses.
If your backend, CDN, or Web Application Firewall (WAF) restricts inbound traffic by source IP, add these addresses to your allowlist so Moveo's requests are not blocked.
IP allowlisting is a fallback, not a replacement for HMAC signature verification. It authenticates the network, not the request, and Moveo's egress IPs may change with infrastructure updates. Where possible, verify the X-Moveo-Signature and treat an IP allowlist as an additional layer.
Which addresses apply to your account
Moveo runs in several regions. Your account is hosted in one region, and all of its outbound traffic originates from that region's addresses. Allowlist the row that matches your account's region. If you are not sure which region your account is in, allowlist every address below, or ask your Moveo contact.
| Region | Cloud / Region | Outbound IP addresses |
|---|---|---|
| Europe | AWS eu-central-1 | 18.192.167.150, 18.198.233.220, 3.66.239.254 |
| United States | GCP us-central1 | 34.135.131.192 |
| Brazil / South America | GCP southamerica-east1 | 34.39.187.109 |
The Europe region uses three addresses — one NAT gateway per availability zone for redundancy. Any of the three may appear as the source of a given request.
Single-tenant or dedicated deployments use separate addresses that are provided during onboarding. The table above covers Moveo's shared multi-tenant regions only.
What uses these addresses
- Webhooks — every agent webhook (dialog, first message, pre message, post message, and authentication webhooks) is sent from the outbound addresses of the region your account is hosted in.
- Knowledge-base crawler — when Moveo indexes your website for the knowledge base, the crawler requests your pages from the same region's addresses.