Who This Article Is For
If your organization manages network security policies — such as firewall rules, content filtering, or MDM (Mobile Device Management) configurations on store tablets — you may need to whitelist specific hostnames to ensure the Xenia app functions correctly. This applies to:
- IT administrators configuring network rules
- Multi-location operators using managed tablets on monitored networks
- Organizations where app traffic is filtered or inspected
Important: Use Hostname-Based Rules
Xenia does not use static IP addresses. Rules should be hostname-based wherever your network security tooling supports it. The one exception is Apple Push Notification Service (APNs), which requires an IP range rule (see below).
Xenia Hostnames to Allow
Core Xenia services:
| Hostname | Purpose |
|---|---|
| api.xenia.team | Primary API and in-app updates |
| sockets.xenia.team | Real-time updates (WebSocket) |
| app.xenia.team | Embedded web views and Single Sign-On |
| cdn.xenia.team | Photos, documents, and attachments |
| link.xenia.team | Notification deep links |
| help.xenia.team | In-app Help Center |
Supporting services the Xenia app relies on:
| Hostname | Purpose |
|---|---|
| api.stream.io and *.stream.io | In-app messaging (Chat) |
| maps.googleapis.com | Location / geostamping |
| us5.datadoghq.com | Diagnostics and crash reporting |
| view.officeapps.live.com | Office document previews |
| firebase.googleapis.com | Firebase services |
| firebaseinstallations.googleapis.com | Firebase services |
Push Notifications on Apple Devices (iPads / iPhones)
Push notifications on Apple devices are delivered through Apple's Push Notification Service (APNs). Apple operates APNs over the 17.0.0.0/8 IP range on ports 443 and 5223.
This is the one case where an IP range rule — rather than a hostname rule — is the correct configuration. Apple's own guidance is to allow the full 17.0.0.0/8 range.
Reference: https://support.apple.com/en-us/102266
If push notifications are not reaching store tablets, a blocked APNs range is the most common cause. Verify with your IT team that the 17.0.0.0/8 range is allowed over ports 443 and 5223.
Checklist for IT Administrators
Before deploying Xenia on managed tablets or networks, confirm:
- ✅ All 6 Xenia hostnames are allowed
- ✅ All 5 supporting service hostnames (or wildcards where appropriate) are allowed
- ✅ *.stream.io wildcard is covered (not just api.stream.io)
- ✅ Apple APNs IP range 17.0.0.0/8 is allowed on ports 443 and 5223
- ✅ Rules are hostname-based (not IP-based) for all Xenia services
If Something Isn't Working After Whitelisting
| Symptom | Likely Blocked Hostname |
|---|---|
| App fails to load or connect | api.xenia.team or sockets.xenia.team |
| Photos and attachments not loading | cdn.xenia.team |
| SSO login not working | app.xenia.team |
| Push notifications not arriving on iPads | APNs IP range 17.0.0.0/8 (ports 443 / 5223) |
| In-app chat not loading | api.stream.io / *.stream.io |
| Deep links from notification emails not opening | link.xenia.team |
| Diagnostics report failing to send | us5.datadoghq.com |
If issues persist after applying all rules, contact support@xenia.team and include your network configuration details.
Comments
0 comments
Please sign in to leave a comment.