Good instincts, @niansa! IP whitelisting will not work with our service. Builds, in particular, are on very transient IP’s within the GCE cloud and change constantly.
You could run something like a secret proxy which you allowed our builds to connect to, if you wanted, but that is not really adding much in terms of security, except obscurity, which of course is no real security at all.
The general use pattern for “must contact protected resource from within builds” is to use some form of authentication like password, or maybe SSH key (kinda convoluted to put it in there, but I’ve written up an example here:
[Support Guide] Using an SSH key via environment variable during build ).