For AI agents: a documentation index is available at the root level at /llms.txt and /llms-full.txt. Append /llms.txt to any URL for a page-level index, or .md for the markdown version of any page.
Help CenterOpenAPI SpecStatus
OverviewInquiriesTransactionsAPI ReferenceChangelog
OverviewInquiriesTransactionsAPI ReferenceChangelog
  • Overview
    • Introduction
    • How Persona Works
    • Security
    • Environments
  • Sending data to Persona
    • Choose an Integration Method
    • Inquiries
    • Transactions
  • Retrieving data from Persona
    • API Reference
    • Understanding a Persona API Payload
  • Additional Persona products
    • Cases
    • Events
LogoLogo
Help CenterOpenAPI SpecStatus
On this page
  • Domains and IP addresses
  • API access IP restrictions
  • Webhook and Workflow requests
  • Germany
  • India
  • United States
  • Standard domains for allowlisting
Overview

Security

Was this page helpful?
Previous

Environments

Next
Built with

Security is at the core of our culture and we have operated from a security-first mentality from day one.

Persona’s security philosophy follows three principles:

  • Building defense-in-depth against external threats
  • Protecting against human error
  • Guarding against misuse of insider access

For more information about our security measures, see our Security Statement or contact us.

Domains and IP addresses

API access IP restrictions

If you are calling our external API with static IP addresses and want an additional layer of security beyond API key based authorization, you can restrict the IPs that Persona accepts requests from. To add IP addresses to the allowlist, visit the API Key Configuration section within the Persona dashboard.

Webhook and Workflow requests

The full list of IP addresses that webhook and workflow requests may come from is:

Germany
35.246.155.45
34.89.193.61
34.89.158.43
35.198.149.197
34.159.83.62
34.159.68.157
India
34.93.21.229
35.244.13.71
34.93.90.104
34.93.222.99
United States
35.232.44.140
34.69.131.123
34.67.4.225
34.66.30.174
34.123.74.158
34.41.116.165
34.145.62.98
34.105.116.226
34.168.249.74
35.199.156.187
34.105.58.25
35.230.80.200

Standard domains for allowlisting

If your organization has network security policies that require allowlisting external domains, you should include the following Persona domains to ensure proper functionality:

withpersona.com
app.withpersona.com
cdn.withpersona.com
docs.withpersona.com
inquiry.withpersona.com
miniapp.withpersona.com
sdk.withpersona.com
status.withpersona.com
t.withpersona.com
webrtc-consumer.withpersona.com
webrtc-stun.withpersona.com

If you have configured a custom subdomain for your organization, you should also allowlist:

<custom-subdomain>.withpersona.com

For information on how to set up a custom subdomain, see our Subdomains documentation.