Skip to main content
IP access lists let enterprise administrators restrict access to the Devin platform from specific IP addresses or CIDR ranges. When an IP access list is configured, only requests originating from the allowed IP ranges can access Devin’s APIs and webapp.

How It Works

When you configure an IP access list, Devin enforces it at the enterprise level:
  • API requests from IPs not in the access list are rejected with a 401 Unauthorized response
  • Webapp access is restricted to users connecting from allowed IP ranges
This is useful for enterprises that need to ensure Devin is only accessed from corporate networks, VPN endpoints, or other trusted IP ranges.

Configuring IP Access Lists

IP access lists are managed via the Enterprise API v3. The following operations are available:

Viewing the Current Access List

Retrieve the current IP access list for your enterprise: 
GET /v3beta1/enterprise/ip-access-list
Returns the list of allowed IP ranges currently configured.

Replacing the Access List

Replace the entire IP access list with a new set of IP ranges: 
PUT /v3beta1/enterprise/ip-access-list
The request body should be a JSON object with an ip_ranges field containing an array of IP ranges in CIDR notation. Individual IP addresses can be specified with a /32 suffix. 
{
  "ip_ranges": ["10.0.0.0/8", "192.168.1.0/24", "203.0.113.50/32"]
}
The PUT endpoint replaces the entire list. Any IP ranges not included in the request will be removed. Make sure to include all desired ranges in each update.

Clearing the Access List

Remove all IP restrictions by clearing the access list: 
DELETE /v3beta1/enterprise/ip-access-list
When the access list is empty, no IP-based restrictions are enforced.

Permissions

Managing IP access lists requires the ManageEnterpriseSettings permission. This is typically available to enterprise administrators.

Best Practices

  • Include all office and VPN egress IPs before enabling the access list to avoid locking out users
  • Use CIDR ranges instead of individual IPs where possible to simplify management
  • Test with a broad range first, then narrow down as needed
  • Keep a record of configured ranges outside of Devin in case you need to restore access
If you accidentally lock yourself out by configuring an incorrect IP access list, contact support@cognition.ai for assistance.