diff --git a/api/bigrag/services/runtime_settings.py b/api/bigrag/services/runtime_settings.py
index 4a7d10f4..8fc0f6b6 100644
--- a/api/bigrag/services/runtime_settings.py
+++ b/api/bigrag/services/runtime_settings.py
@@ -149,7 +149,7 @@ def validate_setting_value(key: str, value: Any) -> Any:
         if value is None:
             return None
         coerced_str = str(value)
-        if key in {"storage_s3_endpoint_url", "backup_s3_endpoint_url"} and coerced_str.strip():
+        if key in {"storage_s3_endpoint_url", "backup_s3_endpoint_url", "turbopuffer_base_url"} and coerced_str.strip():
             from bigrag.services.url_security import UnsafeOutboundUrlError, normalize_url_root
 
             try:
diff --git a/website/content/docs/api-reference/instance-settings.mdx b/website/content/docs/api-reference/instance-settings.mdx
index 0a987635..a7046dc2 100644
--- a/website/content/docs/api-reference/instance-settings.mdx
+++ b/website/content/docs/api-reference/instance-settings.mdx
@@ -103,7 +103,7 @@ Deployment-managed security keys use the same endpoint when you intentionally au
 
 Security hardening settings include `allow_public_bind_in_prod`. Ingestion settings include raw vector API request caps (`max_vector_upsert_count`, `max_vector_delete_count`, `max_vector_text_chars`, `max_vector_metadata_bytes`). Turbopuffer settings include `turbopuffer_api_key`, `turbopuffer_base_url`, `turbopuffer_region`, and `turbopuffer_namespace_prefix`. UI-visible settings can be changed from the admin UI. Registry keys that are not rendered in the UI remain available through this API and the SDK admin settings resources.
 
-Storage and Turbopuffer connection changes are validated before they are saved and apply to the running API.
+Storage and Turbopuffer connection changes are validated before they are saved and apply to the running API. Custom `turbopuffer_base_url` values must be normalized HTTPS roots that pass outbound URL safety checks.
 
 ## Test Settings