Network allowlist for IT administrators

Nani Translate uses standard HTTPS for the web app and desktop app. If a corporate network or security product blocks Nani, allow only the traffic below instead of disabling security controls.

Network requirements

  • Allow outbound HTTPS over TCP 443.
  • Nani does not require dedicated inbound ports, static IP allowlisting, or VPN tunnels.
  • If HTTP/3 (QUIC) causes issues with your proxy or filtering product, make sure HTTPS over TCP 443 is allowed.

Nani-managed domains

All domains below are operated by Nani. The core features of Nani work with these four domains alone, so start by allowlisting them. The underlying IP addresses are not static, so allow traffic by domain rather than by IP address.

Endpoint Purpose When needed
https://nani.now Web app, signed-in usage, main API, translation and proofreading API, public pages Normal web and desktop app usage
https://nani.kiok.jp Alternate API domain and connectivity checks Desktop app API communication
https://nani-desktop.kiok.jp Official macOS app downloads, auto-update checks, and update file delivery macOS installation and update checks after launch
https://translatorassets.kiok.jp Static assets such as images, videos, and icons Rendering web pages and app UI

Third-party domains for specific actions

The domains below belong to external services outside Nani's control and are contacted only for specific actions such as sign-in and payment. If you do not use these features, allowing them is not required. Most corporate networks already allow these domains.

Endpoint Purpose When needed
https://accounts.google.com Google OAuth sign-in When signing in with a Google account
https://appleid.apple.com Apple OAuth sign-in When signing in with an Apple account
https://checkout.stripe.com Stripe Checkout When purchasing a paid plan
https://billing.stripe.com Stripe Billing Portal When managing billing and subscriptions

Desktop app distribution

Nani for macOS is distributed from the official download URL, signed with a Developer ID certificate and notarized by Apple.

Item Purpose When needed
Nani Product name App identification
jp.kiok.nani macOS Bundle ID Identification in MDM, EDR, and allow policies
https://nani-desktop.kiok.jp/artifacts/nani-mac-latest.dmg Official download URL Initial macOS installation
https://nani-desktop.kiok.jp/artifacts/latest-mac.yml Update metadata Auto-update checks

Auto-update downloads versioned update files listed in latest-mac.yml from the same artifacts/ path. If you allowlist by URL, allow everything under https://nani-desktop.kiok.jp/artifacts/ instead of individual URLs.

Notes for proxy, VPN, and TLS inspection environments

If requests are blocked, modified, or time out on a corporate network, Nani may show errors like the following.

  • Failed to fetch
  • ERR_NETWORK_CHANGED
  • ERR_CONNECTION_REFUSED
  • ERR_QUIC_PROTOCOL_ERROR

If these errors occur, check whether URL filtering, SSL/TLS inspection, proxy, VPN, or EDR policies are blocking Nani-managed domains.

Information to include when contacting support

You can check whether Nani itself is having an outage on the status page. If no outage is reported, include the following information when possible to help isolate the cause.

  • Environment: web app or Mac app
  • Nani app version and OS version
  • Network: company VPN, office network, home network, or tethering
  • Name of any VPN, proxy, EDR, antivirus, or URL filtering product in use
  • Time of occurrence and time zone
  • Error message shown on screen and logs if available
  • Whether your IT team can allowlist the Nani-managed domains

Related pages

Security of Nani TranslateDownload the desktop appContact support