Debugging Your Network

The WhatsApp Business API Client has certain network requirements to communicate with the WhatsApp servers.

We understand that different businesses have different network configurations and security concerns. The information below will help you set up the client within your network. Contact support if this is not sufficient because of any special connectivity or security requirements you might have.

IP Addresses

List of the WhatsApp server IP addresses and ranges (zip file)

(updated on Dec 21, 2018)

This list might change often. It is therefore recommended you allow all outgoing traffic from port 5222 or 443, to avoid having to update this whitelist in your network each time it changes.

You will also need to allow access to our repository in JFrog where we host the container images in order to download them. You have to use hostnames for whitelisting these as IP addresses cannot be provided for them (see the Hostnames section for details).

Hostnames

Whitelisting can also be done by hostname rather than IP address.

WhatsApp server hostnames that the WhatsApp Business API Client requires connectivity to:

  • g.whatsapp.net
  • v.whatsapp.net
  • mmg.whatsapp.net
  • graph.facebook.com

Hostnames to allow access to our repository in JFrog where we host the container images in order to download them:

  • docker.whatsapp.biz
  • dl.bintray.com
  • akamai.bintray.com

You have to use these hostnames for whitelisting as IP addresses cannot be provided for them.

Firewalls

Depending on your firewall and how it functions, just whitelisting the hostnames may not work and you will need to whitelist all IP addresses instead.

Examples of firewall behavior that will not work with just hostname whitelisting are:

  • Firewalls that run a DNS query (against the DNS configured in your data center) and use the resulting IPs in the whitelist;
  • Firewalls that look for outbound DNS queries from machines in the data center and use IP addresses that are seen in the response to the whitelist;
  • Firewalls that look for hostnames in the HTTP/HTTPS handshake.

In the event that your firewall exhibits one of these behaviors please proceed to use IP whitelisting.

Testing with WADebug

The WADebug tool can help quickly check whether the coreapp container has access to all the required WhatsApp servers. With WADebug installed, simply run:

  wadebug partial check_network