Runner Egress IPs
The strongest way to lock down a VolatiCloud-bound exchange API key is to restrict it to specific source IPs on the exchange's security settings. A leaked key with both withdrawals disabled and IPs allowlisted is essentially useless to an attacker — they can't withdraw funds, and they can't reach the exchange from anywhere outside our infrastructure to attempt adverse trades.
This page is where we'll publish the static egress IPs of our runner pods so you can use them in your exchange's API key allowlist.
We are publishing the static egress IPs of our runner pods so you can lock your exchange API keys to them. The IP list is being finalized as part of the Wave 1 trust roadmap and will appear here in an upcoming release.
Until then, your API keys remain protected by the withdrawal-disabled rule — even if a key were to leak, an attacker cannot drain your funds, only attempt adverse trades.
What This Page Will Contain
When published, this page will list:
- The static egress IP(s) of every region in which we run bots
- A step-by-step allowlist procedure for each major exchange (Binance, Coinbase, Kraken, Bybit, OKX, KuCoin, Bitget, Gate.io)
- Verification steps so you can confirm allowlisting is working — including a test bot you can run on your account
- An update cadence and notification mechanism so you can plan ahead for any IP rotations
How to Be Notified When the IPs Publish
When the canonical IP list lands, we'll:
- Update this page (you can subscribe to the docs RSS feed at
/blog/rss.xml) - Announce in-app via Settings → Notifications
- Email organization owners at the address on file
Why IP Allowlisting Matters
IP allowlisting is the second line of defense after withdrawal-disabled enforcement. The two combine into a strong guarantee:
| Defense | Stops |
|---|---|
| Withdrawal disabled | Funds being moved off-exchange |
| IP allowlisted to runner pods | Key being used from outside our infrastructure |
A key that is both withdrawal-disabled and IP-allowlisted is, from an attacker's perspective, a credential that:
- Cannot withdraw your funds
- Cannot be used at all from anywhere except VolatiCloud's runner pods
That's the configuration we recommend for every production trading key.
Related guides
- API Key Handling — Withdrawal-disabled enforcement, IP allowlisting, rotation cadence.
- Threat Model — How egress allowlisting fits into the broader defense model.
- Exchanges Overview — How to add an exchange connection to VolatiCloud.