Nodium Screenshot API -- IP Ranges

Nodium's rendering servers connect to your target URLs from a known set of IP addresses. Use this page to whitelist Nodium in firewalls, security groups, and access control lists.

Base URL: https://api.nodium.io/api/v1/screenshot

Table of Contents

• Why Whitelist IP Ranges
• Current IP Ranges
• GET /ip-ranges
• IP Range Update Notifications
• Whitelisting in Common Setups
• Important Notes

Why Whitelist IP Ranges

When Nodium captures a screenshot of your website, its rendering browser connects to your server from one of Nodium's IP addresses. If your infrastructure restricts inbound traffic, you need to allow these IPs so that Nodium can reach your pages.

Common scenarios where whitelisting is required:

• Staging environments behind a firewall or VPN
• Admin panels restricted to known IPs
• Internal tools deployed in a private VPC
• WAF rules that block unrecognized traffic
• Rate limiters that may throttle or ban automated requests

Current IP Ranges

Nodium operates rendering servers across multiple regions. The following CIDR blocks cover all current egress IPs:

Important: These IP ranges may change as Nodium scales its infrastructure. Do not hard-code them. Use the /ip-ranges API endpoint for automation, and subscribe to update notifications.

GET /ip-ranges

Returns the current list of IP ranges in JSON format. This endpoint does not require authentication.

GET https://api.nodium.io/api/v1/screenshot/ip-ranges

Response

{
  "ip_ranges": [
    {
      "cidr": "44.210.64.0/22",
      "region": "us-east-1",
      "description": "US East (Virginia)"
    },
    {
      "cidr": "35.82.128.0/22",
      "region": "us-west-2",
      "description": "US West (Oregon)"
    },
    {
      "cidr": "3.127.64.0/22",
      "region": "eu-central-1",
      "description": "EU West (Frankfurt)"
    },
    {
      "cidr": "52.18.192.0/22",
      "region": "eu-west-1",
      "description": "EU West (Ireland)"
    },
    {
      "cidr": "13.212.32.0/22",
      "region": "ap-southeast-1",
      "description": "AP Southeast (Singapore)"
    }
  ],
  "last_updated": "2026-02-20T00:00:00Z",
  "etag": "a3f8c1e2b4d6"
}

Using the ETag for change detection

The response includes an etag field. Store this value and include it as an If-None-Match header on subsequent requests. If the IP ranges have not changed, the API returns 304 Not Modified with no body, saving bandwidth.

curl "https://api.nodium.io/api/v1/screenshot/ip-ranges" \
  -H "If-None-Match: a3f8c1e2b4d6"

IP Range Update Notifications

Nodium provides advance notice before IP ranges change:

1. Email notification -- Sent to all account owners 14 days before a change.
2. Webhook event -- A ip_ranges.updated event is sent to configured webhook URLs.
3. Status page -- Published on status.nodium.io with the effective date.

Configure your notification preferences in the Nodium Dashboard under Settings > Notifications.

Whitelisting in Common Setups

AWS Security Groups

Add inbound rules for each CIDR block on the port your application uses (typically 80 or 443):

aws ec2 authorize-security-group-ingress \
  --group-id sg-0123456789abcdef0 \
  --protocol tcp \
  --port 443 \
  --cidr 44.210.64.0/22

aws ec2 authorize-security-group-ingress \
  --group-id sg-0123456789abcdef0 \
  --protocol tcp \
  --port 443 \
  --cidr 35.82.128.0/22

# Repeat for each CIDR block

To automate this, fetch the ranges from the API and update the security group with a script:

import requests
import boto3

ranges = requests.get("https://api.nodium.io/api/v1/screenshot/ip-ranges").json()
ec2 = boto3.client("ec2")

for entry in ranges["ip_ranges"]:
    ec2.authorize_security_group_ingress(
        GroupId="sg-0123456789abcdef0",
        IpPermissions=[{
            "IpProtocol": "tcp",
            "FromPort": 443,
            "ToPort": 443,
            "IpRanges": [{"CidrIp": entry["cidr"], "Description": f"Nodium - {entry['description']}"}],
        }],
    )

Cloudflare

Add Nodium IP ranges to a Cloudflare IP Access Rule or a WAF custom rule:

1. Go to Security > WAF > Custom Rules in the Cloudflare dashboard.
2. Create a new rule with the expression:

(ip.src in {44.210.64.0/22 35.82.128.0/22 3.127.64.0/22 52.18.192.0/22 13.212.32.0/22})

1. Set the action to Allow.

Alternatively, use the Cloudflare API:

curl -X POST "https://api.cloudflare.com/client/v4/zones/YOUR_ZONE_ID/firewall/access_rules/rules" \
  -H "Authorization: Bearer YOUR_CF_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "mode": "whitelist",
    "configuration": {
      "target": "ip_range",
      "value": "44.210.64.0/22"
    },
    "notes": "Nodium Screenshot API - US East"
  }'

nginx

Allow Nodium IPs in your nginx configuration:

# /etc/nginx/conf.d/nodium-whitelist.conf

# Nodium Screenshot API IP ranges
allow 44.210.64.0/22;    # US East
allow 35.82.128.0/22;    # US West
allow 3.127.64.0/22;     # EU Central
allow 52.18.192.0/22;    # EU West
allow 13.212.32.0/22;    # AP Southeast
deny all;

Include this file in your server block:

server {
    listen 443 ssl;
    server_name staging.example.com;

    include /etc/nginx/conf.d/nodium-whitelist.conf;

    # ... rest of your configuration
}

Tip: For production servers that also serve regular traffic, use a separate location block or a dedicated hostname for Nodium-accessible pages, rather than applying deny all globally.

Important Notes

• IP ranges may change. Always use the /ip-ranges endpoint for automated whitelisting rather than hard-coding CIDR blocks.
• Subscribe to notifications. Enable email or webhook alerts so you are informed before changes take effect.
• Test after whitelisting. Capture a screenshot of your restricted page to confirm that access works correctly.
• Combine with authentication. IP whitelisting is a defense-in-depth measure. Continue to use cookies, authorization headers, or other authentication methods for sensitive pages.

Next Steps

• Getting Started -- Capture your first screenshot
• Notifications -- Configure update alerts
• API Reference -- Complete endpoint and parameter reference