Sean Kinney
updated
Allowlisting for InVision
If you have a proxy, firewall, VPN, or other network security in place, it's possible that some of InVision's services may be blocked or not function properly.
Fortunately, many IT teams that have implemented network security also have provisions for allowlisting specific services. If you’ve run into issues related to network security restrictions, then you'll need to work with your IT and/or security team to allowlist InVision.
Allowlisting requirements for InVision depend on whether you have a standard account (including Enterprise) in either InVision V6 or InVision V7 or have a Private Cloud account.
Domains and ports to allowlist
To allowlist InVision, your IT/security team will need to know the list of domains (e.g., auth.invisionapp.com) and ports (e.g., 443) outlined in the table below, so they can make exceptions for network traffic going to these services. You'll see a green checkmark for each environment (InVision V6, InVision V7, and/or Private Cloud) that must allowlist each domain and port below.
It's not possible to establish a Private Cloud environment for InVision V7.
|
Domain and port |
InVision V6 |
InVision V7 |
Private Cloud |
|---|---|---|---|
|
FACILITATE THE INVISION SIGN-IN PROCESS |
|||
|
auth-api.invisionapp.com:443 |
Yes | No | No |
|
login.invisionapp.com |
Yes |
No |
Yes |
| projects.invisionapp.com:443 | Yes | Yes | No |
| s3.invisionapp-cdn.com:443 | Yes | No | No |
| login.invisionapp.com:80 | No | Yes | No |
| login.invisionapp.com:443 | No | Yes | No |
| assets.invisionapp.com:443 | No | Yes | No |
| static.invisionapp-cdn.com:443 | Yes | Yes | Yes |
{your-subdomain}.invisionapp.com:443 |
No | Yes | No |
auth-api.{your-subdomain}-io.invisionapp.com:443 |
No | No | Yes |
| POWER CRAFT | |||
| craft-api.invisionapp.com:443 | Yes | No | No |
{your-subdomain}.invisionapp.com:443/craft/* |
No | Yes | No |
craft-api.{your_subdomain}-io.invisionapp.com:443 |
No | No | Yes |
| ENABLE CRAFT APPLICATION UPDATES | |||
| craft-assets.invisionapp.com:443 | Yes | Yes | Yes |
| craft-manager-api.invisionapp.com:443 | Yes | Yes | Yes |
| ENABLE CRAFT BETA MANAGEMENT | |||
| craft-beta.invisionapp.com:443 | Yes | No | Yes |
| ENABLE CRAFT FEATURE MANAGEMENT | |||
| clientstream.launchdarkly.com:443 | Yes | Yes | Yes |
| app.launchdarkly.com:443 | Yes | Yes | Yes |
| mobile.launchdarkly.com:443 | Yes | Yes | Yes |
| events.launchdarkly.com:443 | Yes | Yes | Yes |
| FACILITATE ANALYTICS SERVICES FOR MONITORING THE HEALTH OF CRAFT & MEASURING ENGAGEMENT | |||
| google-analytics.com:443 | Yes | No | Yes |
| api.segment.io:443 | Yes | No | Yes |
| e.crashlytics.com:443 | Yes | Yes | Yes |
| settings.crashlytics.com:443 | Yes | Yes | Yes |
| api.crashlytics.com:443 | Yes | Yes | Yes |
| cdn.segment.com:443 | Yes | No | Yes |
| logs-01.loggly.com:443 | Yes | No | Yes |
| app.datadoghq.com:443 | Yes | No | Yes |
| CONTROL FILE UPLOADS AND / OR CRAFT MANAGER | |||
| api.invisionapp.com:443 | Yes | No | No |
| s3.amazonaws.com:443 | Yes | No | Yes |
| CONTROL THE DSM (DESIGN SYSTEM MANAGEMENT) TOOL | |||
assets.{your-subdomain}-io.invisionapp.com:443 |
Yes | Yes | Yes |
| assets.v7-io.invisionapp.com:443 | Yes | Yes | Yes |
| FACILITATE OUR REAL-TIME NOTIFICATIONS FRAMEWORK FOR DSM LIBRARY UPDATES & NOTIFICATIONS | |||
| *.pusher.com:443 | Yes | Yes | Yes |
| ws.pusherapp.com:443 | Yes | Yes | Yes |
| CONTROL FREEHAND | |||
| freehand-api.invisionapp.com:443 | Yes | Yes | Yes |
| auth-api.invisionapp.com:443 | Yes | Yes | Yes |
| app.launchdarkly.com:443 | Yes | Yes | Yes |
| events.launchdarkly.com:443 | Yes | Yes | Yes |
| api.amplitude.com:443 | Yes | Yes | Yes |
| api.mixpanel.com:443 | Yes | Yes | Yes |
| api-js.mixpanel.com:443 | Yes | Yes | Yes |
| cdn.mxpnl.com:443 | Yes | Yes | Yes |
| DISPLAY NECESSARY FONTS ON TEAM SELECTION SCREEN | |||
| fonts.googleapis.com | Yes | No | No |
| ENABLE INTEGRATIONS | |||
| integrations.invisionapp.com:443 | Yes | Yes | Yes |
| jira.global.invisionapp.com:443 | Yes | Yes | Yes |
| confluence.global.invisionapp.com:443 | Yes | Yes | Yes |
| trello.global.invisionapp.com:443 | Yes | Yes | Yes |
| FACILITATE CREDIT CARD BILLING SYSTEM | |||
| rest.zuora.com:443 | No | Yes | No |
| FACILITATE STUDIO FUNCTIONALITY | |||
| *.invisionapp.com | Yes | Yes | Yes |
| *.invisionapp-cdn.com | Yes | Yes | Yes |
| SUPPORT THE ONBOARDING, TOUR, AND WELCOME EXPERIENCE FOR STUDIO | |||
| *.wistia.com | Yes | Yes | No |
| fast.wistia.net | Yes | Yes | No |
| embedwistia-a.akamaihd.net | Yes | Yes | No |
| litix.io | Yes | Yes | No |
| REQUIRED FOR DEVICE MIRRORING FROM STUDIO TO THE INVISION IOS APP OR INVISION ANDROID APP | |||
| Mobile device must be on same Local Area Network (LAN) as machine running Studio | Yes | Yes | No |
| STUDIO 2.X REAL-TIME CLOUD SUPPORT | |||
| *.ably.io | No | Yes | No |
| HOST ASSETS OR VISUAL STYLING, CLIENT-SIDE APP FEATURE FUNCTIONALITY, AND IMAGERY | |||
| static.invisionapp-cdn.com:443 | Yes | Yes | Yes |
| assets.v7-io.invisionapp.com:443 | Yes | Yes | Yes |
| SUPPORT OUR PERFORMANCE MONITORING TOOL AND/OR OUR ERROR MONITORING & REPORTING TOOL FOR STABILITY | |||
| api.bugsnag.com | Yes | Yes | Yes |
| https://js-agent.newrelic.com:443 | Yes | Yes | Yes |
| https://bam.nr-data.net:443 | Yes | Yes | Yes |
| SUPPORT ENTERPRISE FORMS & MARKETING CRM (CUSTOMER RELATIONSHIP MANAGEMENT) | |||
| *.hubspot.com | Yes | Yes | No |
| SUPPORT IN-APP CHAT FUNCTIONALITY | |||
| *.driftt.com | Yes | Yes | No |
| *.braze.com | Yes | Yes | No |
| SUPPORT IN-APP FEEDBACK FUNCTIONALITY | |||
| invisionapp.zendesk.com:443 | Yes | No | Yes |
Remember, you’ll need to modify any domain above that includes {your-subdomain}, replacing your-subdomain with your specific InVision subdomain. For example, if your team were called Sunburst Solutions, this domain and port accordingly:
auth-api.{your-subdomain}-io.invisionapp.com:443
~
auth-api.sunburst-solutions-io.invisionapp.com:443
If you’re not sure what value to enter here, please contact InVision Support for guidance.
Process for allowlisting
The process for allowlisting varies depending on the service and device used. As a result, we’re not able to provide specific directions for allowlisting these services. If you believe you’re subject to network security that’s blocking InVision, you’ll need to speak with your IT team for guidance on how to proceed.
Allowlisting video content
In situations where all video content is blocked, regardless of source, allowlisting the following domains will ensure our content—including for Studio onboarding—comes through:
- *.wistia.com
- fast.wistia.net
- embedwistia-a.akamaihd.net
- litix.io
The domains and ports you'll need to allowlist for InVision services may change in the future. To receive alerts about such changes, you can follow this page:
- Sign in to the Help Center.
- At the top right of the page, click the Follow button.