Introduction
Onboarding
What is CloudBees Feature Management?
Use cases
Introduction
Installing client-side SDKs
IntroductionAndroid SDKAndroidTV, FireTV SDKAppleTV SDKC/C++ Client SDKChromecast, Tizen SDKiOS SDKJavaScript SDKJavaScript SSR SDK.NET Client (C#) SDKReact Native SDKTypeScript SDK
Installing server-side SDKs
IntroductionC/C++ SDKGo SDKJava SDKJavaScript SSR SDK.Net (C#) SDKNode.js SDKPHP SDKPython SDKRuby SDKTypeScript SDK
About feature flags
Organizations and apps
Environments
Creating a feature flag
IntroductionCreating a boolean flagCreating a string flagCreating a number flagCreating a flag via Dynamic APISetting flag default values
Feature flag settings
Deleting a feature flag
Managing flags with Jira
Embedded feature flags
Multiplatform feature flags
Flag freeze levels
Flag update flow
Configuration values
Requesting approval for flag configurations
Managing feature releases
Configuring flags for release
Custom properties
Configuring a split release
Scheduling a feature release
Target groups
Flag dependencies
Flag context
Managing flag groups
Introduction
Activating CasC with GitHub
Verbose logging
Local testing
Microservices testing
User space error handler
Flag impressions
Impression handler
Fetched handler
Integrating with Jira
Integrating with Jenkins
Integrating with Slack
Integrating with Microsoft Teams
Configuring webhooks
Managing user accounts
Managing organization permissions
Managing app permissions
Managing subscriptions
Audit log
Managing email notifications
SOC 2 compliance
SAML single sign-on
Multifactor authentication
Allow/Disallow domains
Secret mode
A proxy for CloudBees Feature Management
Support policies
Supported platforms
Terms and services
Open Source Software Attributes

Allowlist domains

1 minute readSecurity

This section lists the URLs that are used by the SDK to properly communicate with our outbound backend servers.

The following URLs are used by the SDK:

  • https://statestore.rollout.io/ - GET request to verify the state of new feature flags and customer properties.

  • https://conf.rollout.io/ - GET request to retrieve the latest configuration.

  • https://x-api.rollout.io/ - GET/POST request send to CloudBees Feature Management servers to indicate a new version is running, or a new state is discovered.

  • https://analytic.rollout.io/ - POST request to CloudBees Feature Management analytics servers, to see impressions on the dashboard.

  • https://push.rollout.io/ - Server Sent Events that get notifications upon a change in the configuration. No special firewall rules are required.

The following third-party URL is used by the SDK:

  • https://notify.bugsnag.com/ - POST request to Bugsnag tool. SDK error monitoring and reporting tool.

Content Security Policy (CSP)

If you are using Content Security Policy (CSP) to protect your application and users, then you will need to update your CSP configuration to allow your application to communicate with the CloudBees Feature Management servers.

Only browser-based SDKs require these settings.

Add the following URLs to your connect-src CSP settings.

  connect-src ...
    https://analytic.rollout.io
    https://conf.rollout.io
    https://push.rollout.io
    https://statestore.rollout.io
    https://x-api.rollout.io
    https://notify.bugsnag.com;
If you have any security requests regarding your specific CloudBees Feature Management configuration, submit a product request to CloudBees Support.
Multifactor authentication
Secret mode