Every request coming from the RapidAPI Network will come from the following IP addresses. You can whitelist these IPs, as they are the ones used to send requests only from RapidAPI.

A request coming from RapidAPI can be considered already authenticated, so no billing or authentication checks are required on the API side.

Here is the complete list of IPs to whitelist:

107.23.255.128
107.23.255.129
107.23.255.130
107.23.255.131
107.23.255.132
107.23.255.133
107.23.255.134
107.23.255.135
107.23.255.136
107.23.255.137
107.23.255.138
107.23.255.139
107.23.255.140
107.23.255.141
107.23.255.142
107.23.255.143
107.23.255.144
107.23.255.145
107.23.255.146
107.23.255.147
107.23.255.148
107.23.255.149
107.23.255.150
107.23.255.151
107.23.255.152
107.23.255.153
107.23.255.154
107.23.255.155
107.23.255.156
107.23.255.157
107.23.255.158
107.23.255.159
54.172.117.82
54.174.126.70
54.175.103.105
54.209.110.14
54.86.14.38
54.86.225.32
54.86.245.80
54.88.28.135
54.88.28.194
54.88.32.113
54.88.37.172
54.88.51.199
54.88.53.251
54.88.54.104
54.88.55.60
54.88.55.63

For security reasons, you should protect your API and block requests coming from outside the RapidAPI infrastructure.

RapidAPI adds the X-Mashape-Proxy-Secret header on every request. This header has a unique value for every API, and if the header is missing or has a different value, you can assume the request is not coming from our infrastructure. The header for this API is: X-Mashape-Proxy-Secret followed by a unique string.