×

Whitelisting Craft in your proxy or firewall

InVision’s Craft plugin suite must be able to reach out to our services in order for Craft to install and work properly. If it’s unable to do so (e.g. because you have a proxy, firewall, or other network security in place that’s blocking the connection) then you won’t be able to use Craft.

Fortunately, many IT teams that have implemented network security also have provisions for whitelisting specific services so that they can resume working. If you’ve run into some of the issues described in Why am I unable to install or connect with Craft and InVision Sync? then you’re going to need to work with your IT and/or security team to get Craft whitelisted.

What needs to be whitelisted?

What you need to whitelist depends on whether you’re using InVision normally or using our Private Cloud or Private Network offerings.

General Customers (including Enterprise customers)

To whitelist Craft your IT/security team will need to know the following list of domains (e.g. auth.invisionapp.com) and ports (e.g. 443) so they can make exceptions for network traffic going to these services:

Domain and port

Purpose

auth.invisionapp.com:443

Core service used for logging you into InVision

craft-api.invisionapp.com:443

 

Primary service powering Craft

craft-beta.invisionapp.com:443

craft-assets.invisionapp.com:443

craft-manager-api.invisionapp.com:443

Powers the Craft Beta management system

s3-proxy.invisionapp.com:443

Service we use for securely handling traffic to our storage service

google-analytics.com:443

api.segment.io:443

cdn.mxpnl.com:80

api.mixpanel.com:80

api.mixpanel.com:443

e.crashlytics.com:443

settings.crashlytics.com:443

api.crashlytics.com:443

Analytics services that we use for monitoring the health of Craft and for measuring engagement

app.getsentry.com:443

Logging service that we use for identifying potential technical issues proactively so we can resolve them more quickly

Private Cloud/Private Network

For our customers using our Private Cloud and Private Network solutions, you’ll instead need to whitelist the following services. Note that you’ll need to modify the first two, replacing your_subdomain with your specific InVision subdomain. If you’re not sure what value to enter here, please contact InVision Support for guidance.

Domain and port

Purpose

auth.your_subdomain-io.invisionapp.com:443

Core service used for logging you into InVision

craft-api.your_subdomain-io.invisionapp.com:443

Primary service powering Craft

craft-beta.invisionapp.com:443

craft-assets.invisionapp.com:443

craft-manager-api.invisionapp.com:443

Powers the Craft Beta management system

s3-proxy.your_subdomain-io.invisionapp.com:443

Service we use for securely handling traffic to our storage service

google-analytics.com:443

api.segment.io:443

cdn.mxpnl.com:80

api.mixpanel.com:80

api.mixpanel.com:443

e.crashlytics.com:443

settings.crashlytics.com:443

api.crashlytics.com:443

Analytics services that we use for monitoring the health of Craft and for measuring engagement

app.getsentry.com:443

Logging service that we use for identifying potential technical issues proactively so we can resolve them more quickly

How do we whitelist these domains and ports?

Exactly how you whitelist these services varies wildly from service to service and device to device. As a result, we’re not able to provide more specific information for how to whitelist these services. If you believe you’re subject to network security that’s blocking Craft you’ll need to speak with your IT team for guidance on how best to proceed.