Whitelist IP for OCC

I have a server that has some inbound IP restrictions for port 22 etc, is there an IP address I can whitelist for the Otto Console??
I have create an API key manually (as it failed from the setup form) and when trying to use it I am getting an error message

It is set to allow all to 80,443,5003

Just tried again from scratch
I can log into the Otto console, so all good there
Made an API key

Went to the OCC console to add the server.
It can see that it is 20.3.1 with Otto 4.06 installed

Give it a friendly name, and paste in the AdminAPI key from above, click connect and I get the above error

Restarted Otto, same result

Hi John,

The console only needs access over port 80/443.

You might be hitting an issue we are tracking with Admin sessions getting used up.

Could you try restarting the Admin Server?

Let us know what happens.



Hey John,

I don’t think it is the Admin Sessions, since you restarted Otto with the same result. We are going to look in the logs a bit more. We’ll get back to you with some questions if we need to.


Hey John

It looks like Ottomatic can’t connect to the server. It could be something wrong with the SSL cert or it could be the FileMaker Server License is epxired. Any chance it is one of those.



SSL is valid till the summer, licence was renewed in about November 2023…

I might however have put an IP restriction on the admin console, but now I’m out of the office and about to head over to your side I can’t check anymore… .will circle back to this when I get back from Austin…

1 Like

the error we are getting back suggest that we just can’t get to the server. So that could be it.


I can confirm that if you have an IP restriction on your admin console then Otto can not see the server or connect to it. Turning off the restriction allows Otto console to connect to the admin console and so set up the server
Now it has connected I have turned the restriction back on, and will wait to see what happens when the admin key refreshes, for now it is functioning as expected.

I think that’s because we hit an admin api to ping your server. But once connected we may not need to do that again.

We need to look at this more.



Once the token has died then the Console now shows that Server is not connected.

Because you are pinging that from an address which is not specifically allowed, then that will fail. Understand the issue, and on days when I am in the office (the only IP allowed - their InfoSec requirement) then I can just turn the restriction off easily enough, use Otto stuff of the day then put it back on.
Good to know where the edges are, maybe a line in the docs??

We investigated this further. White listing cuts off Ottomatic, and since Ottomatic runs on Lamda functions and other ethereal run times it doesn’t have a static IP Address that you can add to your white list. So at this time Ottomatic is not compatible with white listing.

We do have plan for addressing this with a couple of features that we will be adding to Ottomatic in the coming months.

We’ll update the docs.