Adapt security measures to your needs.

The Security settings of your project allow you to adapt security measures to the level your project requires. You can access your project's security settings by clicking on Settings and Security in the left column.

Access this page on your dashboard


Enforce Two-Factor Authentication for your project

In order to fully secure access to your whole project, we recommend that all staff members having access to the project use 2-factor authentication.

You can do so by checking the Require project staff members to use 2-factor authentication checkbox and hitting Save changes.

Any staff member that hasn't enabled 2-factor authentication and trying to access your project will be redirected to his/her account page where 2-factor authentication can be activated.

Restrict Management API access to particular IP addresses

This option allows you to specify one or more IP addresses and ranges (see CIDRs on Wikipedia) that will be the only ones allowed to hit our Management API on your behalf.

Remember that our Management API is a powerful tool allowing to send notifications to all your subscribers, so we definitely advise you to use this option whenever possible.


Users of our WordPress plugin who wish to activate this option must include the URL of their blog, otherwise the plugin - which uses the Management API - might stop working.

Users of our Shopify app will want to include Shopify's IP addresses:

Consequences on our API documentation

Activating the IP restriction will prevent you from using our API documentation's "Try It" button, as this goes through a proxy. We discourage putting that proxy's IP address in your white-list.