IP addresses and DNS
This page contains crucial information about connecting to Signicat services. The only supported method for service consumption is through the Domain Name System (DNS).
While we provide our IP address ranges for firewall configuration, a proper understanding of our DNS-first policy is essential for ensuring stable and reliable integration.
It is important to understand the two ways our network infrastructure can change:
- Service routing (without prior notice): We may shift services between the IP addresses (listed on this page) to perform maintenance or manage load at any time. This is the main reason why it is required to use the DNS and follow the TTLs.
- IP range updates (with prior notice): We rarely add new IP addresses or remove old ones. If this happens, we notify you in advance.
The IP ranges on this page are provided exclusively for configuring your firewall's allowlist. They must not be used for service connections.
DNS requirements
Signicat services are designed to be accessed at their respective domain names (for example, api.signicat.com), leveraging DNS for robust, flexible and secure connectivity. Our infrastructure is dynamic, and IP addresses can change without prior notice.
To further enhance security, all Signicat domains are configured with DNSSEC (Domain Name System Security Extensions), which ensures that the DNS records you receive from our domain names are authentic and have not been tampered with.
Directly connecting to IP addresses or failing to respect DNS TTLs will lead to service disruptions.
It is critical that all clients and systems consuming Signicat services properly resolve our domain names and strictly adhere to the Time-To-Live (TTL) values specified in our DNS records. Failure to do so will lead to connectivity issues, especially during planned maintenance, infrastructure updates, or disaster recovery scenarios.
Best practices
- Always use the provided domain names to connect to Signicat services.
- Ensure you configure your DNS resolvers and client applications to honour the TTL values of our DNS records.
- Avoid hardcoding IP addresses in your configurations.
- Use a DNSSEC-validating resolver.
- If you experience connectivity issues, verify your DNS resolution and cache behaviour, as a first step for troubleshooting.
IP addresses for firewall configuration
Incoming traffic
All incoming traffic to Signicat passes through a Loadbalancer available at the following IP addresses:
Outgoing traffic
Outgoing traffic from Signicat originates from the NAT-main range. In a disaster recovery scenario, we will redirect this traffic to the NAT-disaster-recovery range.
Additional resources
- To learn more about our networks and infrastructure, you can contact us by creating a support ticket in the Signicat Dashboard.
- To view the real-time status of our platform and services, check out our Status page.