The Ambient Scribe application runs in a typical web browser and makes calls out to several external APIs and services. The optimal and fallback network configurations for these are listed below.
Critical Requirements
Core Application Access
The application requires access to the following domains to function:
*.ambient-scribe.com - Main application hosting
*.clerk.accounts.dev - User authentication
*.intercom.io and *.intercomcdn.com - Support services
*.posthog.com - Feature management and analytics
*.sentry.io - Error monitoring
Optimal Configuration (Recommended):
TCP port 443 for *.daily.co, *.wss.daily.co, and prod-ks.pluot.blue
UDP ports 40000-65534 for these same domains
Important Note: Opening the UDP port range 40000-65534 for the Daily.co domains provides optimal audio quality and eliminates the need for TURN server configurations. This is the preferred implementation.
Fallback Configuration (Only if UDP range cannot be opened):
TCP port 443 for all Daily.co domains
UDP/TCP port 3478 for TURN servers: turn.cloudflare.com, *.turn.twilio.com, and *.xirsys.com
Implementation Notes
Firewall Rules: The application requires bidirectional communication for all listed domains and ports.
Zero-Trust Environments: For organizations implementing zero-trust security models, explicit allowlisting of all domains and ports is necessary.
Quality Considerations: If the UDP port range cannot be opened:
Users may experience audio quality degradation
Higher latency for audio streaming
Possible connection failures in restrictive environments
Microphone Access: For WebRTC functionality, client browsers must have permission to access microphones. This may require additional configuration in virtualized environments.
Testing Recommendation: After implementation, test by accessing the application and verifying audio capture functionality.
Troubleshooting
If users experience audio issues after configuring network access:
Verify all domains and ports are properly allowlisted
Confirm microphone permissions are granted to the application
Test on different networks to isolate potential network restrictions
Check browser console for connection errors related to WebRTC
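The first check above (all domains and ports allowlisted) can be run against an exported rule list before users report audio problems. The script below is an added example, not part of the vendor's tooling: the rule format (host pattern, protocol, first port, last port), the names covered and audit, and the sample rules are constructed for illustration. It assumes "UDP/TCP port 3478" means both protocols and that "all Daily.co domains" means the three names in the optimal list.

```python
from fnmatch import fnmatchcase

# Requirements as (endpoint, protocol, first_port, last_port), copied from this page.
WEB = ("*.ambient-scribe.com", "*.clerk.accounts.dev", "*.intercom.io",
       "*.intercomcdn.com", "*.posthog.com", "*.sentry.io")
DAILY = ("*.daily.co", "*.wss.daily.co", "prod-ks.pluot.blue")
TURN = ("turn.cloudflare.com", "*.turn.twilio.com", "*.xirsys.com")
# Assumption: "all Daily.co domains" in the fallback list means the three DAILY names.
BASE_REQS = [(h, "tcp", 443, 443) for h in WEB + DAILY]
UDP_REQS = [(h, "udp", 40000, 65534) for h in DAILY]
# Assumption: "UDP/TCP port 3478" is read as requiring both protocols.
TURN_REQS = [(h, p, 3478, 3478) for h in TURN for p in ("udp", "tcp")]


def covered(req, rules):
    """True if allow rules of the same protocol cover req's whole port range."""
    host, proto, lo, hi = req
    # A rule pattern such as *.daily.co also covers the narrower *.wss.daily.co.
    spans = sorted((r_lo, r_hi) for r_host, r_proto, r_lo, r_hi in rules
                   if r_proto == proto and fnmatchcase(host, r_host))
    need = lo  # lowest required port not yet known to be allowed
    for r_lo, r_hi in spans:
        if r_lo > need:  # gap: some required ports are still blocked
            return False
        need = max(need, r_hi + 1)
        if need > hi:
            return True
    return False


def audit(rules):
    """Return (status, unmet requirements) for a list of allow rules."""
    missing = lambda reqs: [r for r in reqs if not covered(r, rules)]
    if missing(BASE_REQS):
        return "blocked", missing(BASE_REQS)
    no_udp = missing(UDP_REQS)
    if not no_udp:
        return "optimal", []
    no_turn = missing(TURN_REQS)
    return ("fallback", no_udp) if not no_turn else ("incomplete", no_udp + no_turn)


# Constructed sample export: the UDP range is split across two rules, and UDP
# for prod-ks.pluot.blue was left out, so only the fallback path is complete.
SAMPLE_RULES = ([(h, "tcp", 443, 443) for h in WEB + ("*.daily.co", "*.pluot.blue")]
                + [("*.daily.co", "udp", 40000, 49999), ("*.daily.co", "udp", 50000, 65534)]
                + TURN_REQS)

if __name__ == "__main__":
    print(audit(SAMPLE_RULES))
```

A status of "incomplete" means the TCP 443 rules are in place but neither the UDP range nor the TURN servers are fully reachable.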
References
For more detailed information about WebRTC requirements, refer to this article and the network testing tool.
Required Domains and Ports Table
Optimal Method
Category | Endpoint | Protocol(s) | Port(s) | Purpose |
Core Application | *.ambient-scribe.com | TCP | 443 | Main application website hosting |
Development | *.phiniti-dev.com | TCP | 443 | Development website hosting |
Development | *.phiniti-assist.com | TCP | 443 | Development assistance |
WebRTC Audio | *.daily.co | TCP | 443 | WebRTC for audio/transcription services |
WebRTC Audio | *.daily.co | UDP | 40000-65534 | Media streaming for optimal audio quality |
WebRTC Audio | *.wss.daily.co | TCP | 443 | WebSocket connections for media streaming |
WebRTC Audio | *.wss.daily.co | UDP | 40000-65534 | Media streaming for WebSockets |
WebRTC Audio | *.pluot.blue | TCP | 443 | Required for ICE negotiation |
Fallback Method (No UDP)
Core Application | *.ambient-scribe.com | TCP | 443 | Main application website hosting |
Development | *.phiniti-dev.com | TCP | 443 | Development website hosting |
Development | *.phiniti-assist.com | TCP | 443 | Development assistance |
WebRTC Audio | *.daily.co | TCP | 443 | WebRTC for audio/transcription services |
WebRTC Audio | *.wss.daily.co | TCP | 443 | WebSocket connections for media streaming |
Authentication | *.clerk.accounts.dev | TCP | 443 | Account authentication |
Helpdesk | *.intercom.io | TCP | 443 | Support desk/help desk |
Helpdesk | *.intercomcdn.com | TCP | 443 | Intercom content delivery network |
Usage Analytics | *.posthog.com | TCP | 443 | Session tracking, features, flags |
Error Monitoring | *.sentry.io | TCP | 443 | Bug tracking |