diff --git a/en/docs/install-and-setup/setup/deployment-best-practices/security-guidelines-for-production-deployment.md b/en/docs/install-and-setup/setup/deployment-best-practices/security-guidelines-for-production-deployment.md
index 8cb339a773..1ba8a02130 100644
--- a/en/docs/install-and-setup/setup/deployment-best-practices/security-guidelines-for-production-deployment.md
+++ b/en/docs/install-and-setup/setup/deployment-best-practices/security-guidelines-for-production-deployment.md
@@ -892,12 +892,25 @@ This section provides a list of security guidelines for configuring the network
Note:
It is recommended to use an allowlisting approach when allowing access to resources in your product from the DMZ level.
+For the API-M Developer Portal, exposing the following paths would be sufficient:
+
+ - https://<host>:<port>/devportal
+ - https://<host>:<port>/devportal/*
+ - https://<host>:<port>/api/am/devportal/v3/*
+ - https://<host>:<port>/oauth2/*
+ - https://<host>:<port>/oidc/*
+ - https://<host>:<port>/authenticationendpoint/*
+ - https://<host>:<port>/logincontext
+ - https://<host>:<port>/oauth2/authorize
+ - https://<host>:<port>/commonauth
+ - https://<host>:<port>/accountrecoveryendpoint/*
+
+
-
## Configure client authentication
Client authentication is used to identify the application or the client that is making the request.