I understand from the forum that there’s no need to fuss with whitelisting Imp devices. But what if I want to whitelist my Imp agent (for added security, for example, when doing an agent http.get() against my own webserver)?
You can’t do this by IP address; it will change due to load balancing, deploys, etc.
No reason you can’t turn on HTTP auth and include the username/password in your requests, sign requests with HMAC, etc etc
Thanks for taking the time to reply. Actually, I do have HTTP auth turned on, and I’m using an X-api header as well. Just being paranoid. 
Suggest you check out Rocky - part of the imp utility library set. Plenty of control options available.