API Keys IPs
Description
The API Keys IPs functionality allows you to restrict access to API methods only to specified IP addresses or subnets.
If no whitelist IPs are defined for the merchant, access is allowed from any IP address.
Key Features
- Supports individual IP addresses (e.g.,
192.168.0.1) - Supports IP ranges in CIDR format (e.g.,
192.168.0.0/24) - Multiple IPs and CIDR ranges can be added
- Filtering is activated only if at least one IP is added
- If the request's IP does not match the whitelist, the API responds with 403 Forbidden
- CIDR allows defining IP ranges — for example,
10.244.0.0/16allows all IPs in the10.244.*.*range
Default Behavior
| Whitelist Entries Present | Access Behavior |
|---|---|
| No entries | Access allowed from any IP |
| At least one entry | All non-listed IPs are blocked (403) |
CIDR Ranges
The whitelist supports the CIDR (Classless Inter-Domain Routing) format for defining IP address ranges.
Examples:
| CIDR Range | Allowed IPs Description |
|---|---|
10.244.0.0/16 | All IPs from 10.244.0.0 to 10.244.255.255 (e.g., 10.244.6.159) |
192.168.1.0/24 | All IPs like 192.168.1.* |
203.0.113.45/32 | Only the single IP address 203.0.113.45 |
How to add new allowed IP address?
-
Click on the Settings tab
-
Click Allows List and choose API keys IPs
-
In the IP address box, enter the new address.
-
In the Description box, enter user-friendly name for the new address.
-
Click Save Address to save the new IP address.
