Skip to main content

 

Cisco Meraki Documentation

Updates to the DNS Resolution of api.meraki.com

Overview

This article covers an update to api.meraki.com and how this update affects the DNS resolution of https://api.meraki.com. This article is relevant to any Meraki dashboard API user who would like to limit access to api.meraki.com, especially those who are already doing so by allow-listing one or more IP addresses. 

Update

api.meraki.com is the starting point for any customer interaction with the Meraki APIs. With growing API usage, api.meraki.com is more critical than ever to our customers. To ensure the availability and performance our customers expect, we're moving this to infrastructure that allows us to better scale. As part of this change, api.meraki.com will no longer resolve to an IP address from a fixed pool of addresses. Therefore, customers who wish to restrict access to api.meraki.com should allow-list the FQDN api.meraki.com in their firewalls.

Users affected by this update and actions required, if any

If you don’t use the Dashboard API at all, or if you don’t disallow outbound traffic on a firewall that sits between api.meraki.com and an API developer or application, then there’s nothing you need to do. This article is intended for administrators who explicitly allow-list outbound traffic associated with api.meraki.com, and run applications that leverage the API from behind those firewalls.

Action Required

If you have allow-listed Meraki API traffic in your firewall, you may need to review those firewall rules to ensure that api.meraki.com is allowed as a fully qualified domain name (FQDN), rather than an IP address.

The actions above will ensure that your API calls are able to reach their destination once the updates to api.meraki.com are rolled out in your region. Please see the bottom of this document for the IP info that may be listed as destinations in firewall rules that may need your attention.


If you are affected, you can make this change immediately, even if the updates to api.meraki.com haven’t yet been rolled out in your region. Please be sure to make this change before November 20, 2020 to ensure your rules do not unintentionally disallow any API traffic once the updates to api.meraki.com are rolled out in your region.

I prefer allow-listing IP addresses rather than FQDNs. What are the new IP addresses for api.meraki.com?

The updates will make api.meraki.com highly available, and therefore, like most hostnames associated with cloud services, api.meraki.com will not consistently resolve to the same IP address or even a consistent range of addresses. Therefore, allow-listing traffic via IP address will no longer be practical. Instead, allow-list the FQDN api.meraki.com to ensure that your applications can interact with api.meraki.com from behind the affected firewall(s) after November 20, 2020.

Which IP addresses did api.meraki.com previously use? 

Previously, api.meraki.com resolved to addresses in the same range used for Meraki devices when they connect to the Cloud (209.206.48.0/20). The IP addresses relevant to your specific organization can be found in your Dashboard's Firewall information page.

  • Was this article helpful?