Skip to main content

Cosafe Support Center


Firewall and network configuration

If the "Real-time connection" status in the app shows a disconnected state, ensure that port port 443 is permitted for the domains listed below.

As a critical communication and incident management platform, Cosafe requires a persistent and high-priority connection to our cloud infrastructure to ensure that alarms and information are delivered without delay.

In enterprise environments, it is essential to allow-list our domains in your security systems (firewalls, proxies, and web filters) to prevent accidental blocking of emergency traffic.

General network requirements

Cosafe uses encrypted traffic via HTTPS and WebSockets.
All traffic is outbound from the client to the cloud.

  • Port: TCP 443 (HTTPS / WSS)
  • Protocol: TLS 1.2 or higher
  • Method: Domain-based allow-listing (FQDN) is highly recommended over IP-based rules due to our dynamic cloud infrastructure

Domain allow-list by component

Please ensure that your IT or network administrator adds the following domains to your organization’s allow-list.

1. Web application & Admin panel

These domains are required for accessing the Cosafe interface via a web browser and for administrative tasks.

  • app.cosafe.com – Main web interface
  • admin.cosafe.com – Admin dashboard
  • api.cosafe.com – Central API
  • api.se-sto.prod.cosafe.com – Stockholm region API
  • api.sa-east-1.prod.cosafe.com – São Paulo region API
  • static.cosafe.com – Images, scripts, and CSS

2. Cosafe Academy

For users to access training materials and onboarding guides.

  • academy.cosafe.com
  • api.cosafe.com
  • api.se-sto.prod.cosafe.com
  • api.sa-east-1.prod.cosafe.com

3. Desktop application (Windows & macOS)

The desktop app requires additional domains to manage real-time notifications via the Pushy service.

  • api.cosafe.se
  • api.se-sto.prod.cosafe.com
  • api.sa-east-1.prod.cosafe.com
  • static.cosafe.com
  • api.pushy.me – Notification signaling
  • *.pushy.io (recommended)
    • or specifically mqtt-{timestamp}.pushy.io (real-time MQTT tunnel)

4. Mobile application (iOS & Android)

To ensure the mobile app can sync data and receive alarm signals while connected to corporate Wi-Fi.

  • api.cosafe.se
  • api.se-sto.prod.cosafe.com
  • api.sa-east-1.prod.cosafe.com
  • api.cosafe.com.br – Required for Latin American users
  • static.cosafe.com

Advanced security settings

SSL/TLS inspection (Deep packet inspection)

We strongly recommend exempting (bypassing) Cosafe domains from SSL/TLS inspection.
Breaking the encrypted tunnel to inspect traffic can cause the following issues:

  • Latency – Added delay is critical during emergency alerts
  • WebSocket interruption – Many proxies fail to handle persistent WebSocket tunnels correctly, causing the app to disconnect from the real-time alarm server
  • Certificate pinning – Some components may use pinning for extra security, which will cause the app to fail if it encounters a proxy-generated certificate

Proxy Timeouts

Ensure that the Idle Timeout for WebSockets on *.cosafe.com and *.pushy.io is set to a high value (for example, 30 minutes or more).

This prevents the firewall from prematurely closing the connection that the app uses to listen for incoming alarms.

Mobile-Specific Connectivity

If your users are on a managed corporate Wi-Fi, you must also allow-list the official notification endpoints from Apple and Google.

Without these, devices will not receive push notifications while the app is running in the background.

  • Apple (APNs): *.apple.com

    • TCP ports: 5223, 443

  • Google (FCM): *.googleapis.com

    • TCP ports: 443, 5228–5230