I’ve not confirmed with Liquid that whitelisting will be compulsory, but they recently mailed customers with this:
To further enhance security for Liquid customers, on Monday 10th August we will be invalidating all API tokens for retail customers that were created prior to August 3rd, 2020, and do not have at least one IP address or subnet whitelisted.
If it turns out that whitelisting is compulsory, do you provide a list of addresses or subnets that your data gatherers run on?
Thanks