Outbound IP Address

Retrieve's Static Outbound IP

34.67.7.80

All outbound connections from Retrieve originate from this IP address

Overview

When Retrieve connects to your external systems, APIs, databases, or services, all outbound traffic originates from a single static IP address. This allows you to configure firewall rules, IP allowlists, and security policies that permit connections specifically from Retrieve.

Many enterprise systems and cloud services require IP-based access control for security. By whitelisting Retrieve's outbound IP, you can ensure your integrations work reliably while maintaining strict network security policies.

When You Need to Whitelist Our IP

🔒 Firewall Rules

Your firewall blocks all incoming connections except from approved IP addresses

Example: Corporate firewall protecting database servers

☁️ Cloud Security Groups

Cloud services (AWS, Azure, GCP) with security group or network ACL restrictions

Example: AWS RDS database with security group rules

🔐 API Access Control

APIs that restrict access based on source IP address

Example: Custom REST APIs with IP allowlist middleware

🏢 Enterprise Systems

ERP, CRM, or legacy systems with IP-based authentication

Example: Oracle, SAP, or custom enterprise applications

🗄️ Database Security

Database servers that only accept connections from specific IPs

Example: MySQL, PostgreSQL, SQL Server with IP restrictions

🌐 Load Balancers & CDNs

Load balancers, reverse proxies, or CDNs with IP filtering

Example: Cloudflare, nginx, or HAProxy with allowlists

How to Whitelist Retrieve's IP

🔷 AWS Security Groups

Add an inbound rule to your EC2 security group:

Type: Custom TCP
Protocol: TCP
Port: 3306 (or your service port)
Source: 34.67.7.80/32
Description: Retrieve Integration

Navigate to EC2 → Security Groups → Your SG → Inbound Rules → Edit → Add Rule

☁️ Azure Network Security Groups

Add an inbound security rule:

Source: IP Addresses
Source IP: 34.67.7.80/32
Port: 3306 (or your service port)
Protocol: TCP
Name: AllowRetrieve

Navigate to Resource → Networking → Add inbound port rule

🌥️ Google Cloud Firewall

Create a firewall rule:

gcloud compute firewall-rules create allow-retrieve \
  --allow tcp:3306 \
  --source-ranges 34.67.7.80/32 \
  --description "Allow Retrieve integration"

Or use the GCP Console: VPC Network → Firewall → Create Firewall Rule

🐬 MySQL/MariaDB

Grant access from Retrieve's IP:

GRANT ALL PRIVILEGES ON your_database.* 
TO 'your_user'@'34.67.7.80' 
IDENTIFIED BY 'password';
FLUSH PRIVILEGES;

Replace 'your_user' and 'your_database' with your actual credentials

🐘 PostgreSQL

Add to pg_hba.conf:

# Allow Retrieve's IP
host    all    all    34.67.7.80/32    md5

Restart PostgreSQL after modifying pg_hba.conf

🔶 Cloudflare

Add IP to allowlist in Firewall Rules:

Expression: (ip.src eq 34.67.7.80)
Action: Allow
Description: Retrieve Integration

Security → WAF → Firewall rules → Create Firewall rule

🔧 Nginx

Add to your server block:

location / {
    allow 34.67.7.80;
    deny all;
    # ... rest of your config
}

Reload nginx: sudo nginx -s reload

🐧 Linux iptables

Allow incoming connections from Retrieve:

# Allow Retrieve for specific port (e.g., 3306)
sudo iptables -A INPUT -p tcp -s 34.67.7.80 --dport 3306 -j ACCEPT

# Or allow all ports from Retrieve (less secure)
sudo iptables -A INPUT -s 34.67.7.80 -j ACCEPT

Save rules: sudo iptables-save > /etc/iptables/rules.v4

Verification

After whitelisting Retrieve's IP, verify the configuration is working correctly:

Test Connection in Retrieve

Create a test workflow that connects to your system. Check the workflow logs for successful connection.

Check Server Logs

Review your server's access logs to confirm connections from 34.67.7.80 are being accepted.

Monitor Firewall Rules

Verify your firewall logs show the allowed connection from Retrieve's IP address.

💡 Pro Tip: Test Before Going Live

Always test your IP allowlist configuration with a simple test workflow before deploying production integrations. This helps identify any firewall or network issues early.

Security Best Practices

✅ Combine with Authentication

IP whitelisting should be used in addition to proper authentication (API keys, usernames/passwords), not as a replacement. Use both layers of security.

✅ Limit Port Access

Only open the specific ports required for your integration (e.g., 3306 for MySQL, 443 for HTTPS). Don't allow all ports from Retrieve's IP.

✅ Use Encrypted Connections

Always use SSL/TLS for database connections and HTTPS for API calls, even when using IP whitelisting.

✅ Monitor Access Logs

Regularly review access logs to ensure only legitimate Retrieve traffic is connecting to your systems.

✅ Document Your Configuration

Keep clear documentation of which systems have Retrieve's IP whitelisted and why, for security audits and troubleshooting.

Alternative: VPN Connection

🔒 Need More Security?

If your security requirements are stricter or you prefer not to expose systems to any public IP, consider using Retrieve's VPN feature with Tailscale instead of IP whitelisting.

VPN connections provide zero-trust security without exposing your systems to the public internet at all.

Common Issues & Troubleshooting

🔴 Issue: Connection timeout or refused

Cause: Firewall is still blocking Retrieve's IP

Solution:

Verify you added the correct IP: 34.67.7.80
Check the correct port is open (not just the IP)
Ensure firewall rules are saved and active
Verify no other firewall layers (network ACLs, host firewalls) are blocking

🔴 Issue: Intermittent connection failures

Cause: Multiple firewall rules or rate limiting

Solution:

Check for conflicting deny rules that override your allow rule
Verify rate limiting isn't blocking Retrieve's requests
Review priority/order of firewall rules

🔴 Issue: Database denies connection

Cause: Database-level access control separate from firewall

Solution:

Grant database user permissions for Retrieve's IP
Check database logs for specific error messages
Verify SSL/TLS requirements are met

🔴 Issue: Working in test but not production

Cause: Different firewall rules between environments

Solution:

Ensure production firewalls also have Retrieve's IP whitelisted
Check for differences in security groups or network policies
Verify production uses the same ports as test environment

IP Address Stability

📌 Static IP Guarantee

Retrieve's outbound IP address (34.67.7.80) is static and will not change. You can safely configure long-term firewall rules using this IP.

In the unlikely event we need to change the IP address in the future, we will provide at least 90 days advance notice to all customers via email and in-app notifications.

Need Help?

If you're having trouble configuring your firewall or IP allowlist:

📧 Contact Support: support@retrieve.com
💬 In-App Chat: Available in the Retrieve dashboard
📚 Related Guide: Private Networks (VPN) - Alternative to IP whitelisting
🔧 Enterprise Support: Dedicated assistance for complex network configurations

Related Resources

Private Networks (VPN) - More secure alternative using Tailscale VPN
Architecture - Understand Retrieve's infrastructure
Error Handling - Troubleshoot connection issues