Whitelisting External API Provider Twilio (for WhatsApp)

Hi fellas,
I have introduced a rule inside Rules > Redirect Rules

(not ip.geoip.country in {“C1” “C2” “C3” “C4” “C5”} and http.host contains “dev”)
Then URL Redirect
Type: Static
URL: https://<>-<>.<>.workers.dev/
Status Code: 308

Note: “C” means Country, and “dev” is for the Development sub-domain of the main domain.

Redirection Rule is introduced to - redirect all the traffic - from those countries where our Developers don’t log in from - to a Worker Page https://<>-<>.<>.workers.dev/.

Now, the sub-domain on which this rule is applied has a webpage https://dev.<>.com/api.
This API is receiving requests from an external API Provider Twilio (for WhatsApp) which sends WhatsApp messages (texts and images) to the webpage.

When I applied the aforementioned rule, since the Servers of Meta are located in the C5, if I remove C5 from the rule, Twilio won’t work and will break. I would like to remove C5 since none of our developers or clients are located there. Also, I would like to add the 2 paths viz. /auth and /api in the aforementioned rule so that - traffic received on those two paths - from the countries not listed above - also gets redirected to the same worker page.

Is there a way I can remove C5, and add /auth and /api paths, while also allowlisting the External API Provider’s requests to the specific sub-domain so that the functioning doesn’t break?

Please ask if you would like to have more clarifications.