# Actions in production

## Rate limits

Consider implementing rate limiting on the API endpoints you expose. ChatGPT will respect 429 response codes and dynamically back off from sending requests to your action after receiving a certain number of 429's or 500's in a short period of time.

### Timeouts

When making API calls during the actions experience, timeouts take place if the following thresholds are exceeded:

-   45 seconds round trip for API calls

### Use TLS and HTTPS

All traffic to your action must use TLS 1.2 or later on port 443 with a valid public certificate.

### IP egress ranges

ChatGPT will call your action from an IP address from one of these [CIDR blocks](https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing):

-   `23.102.140.112/28`
-   `13.66.11.96/28`
-   `104.210.133.240/28`
-   `20.97.188.144/28`
-   `20.161.76.48/28`
-   `52.234.32.208/28`
-   `52.156.132.32/28`
-   `40.84.180.128/28`

You may wish to explicitly allowlist these IP addresses.

### How is Action data used?

Actions connect ChatGPT to external apps. If a user interacts with a GPT’s custom action, ChatGPT may send parts of their conversation to the action’s endpoint.