Administrators can increase the security of external APIs for each site (subdomain) by whitelisting single IP addresses or IP address ranges. External API requests that come from an IP that isn’t on the whitelist will receive an Authorization has been denied for this request error message.
When no IP ranges are enabled, all IPs can access external APIs. Once one or more IP ranges are enabled, access to external APIs is restricted to those whitelisted IP addresses.
Add or Edit an IP Range Restriction
If you use a proxy server that does not truthfully report the original host’s IP address, you will need to add your proxy IP to the whitelisted range manually.
To add or edit a whitelisted IP range restriction:
- Go to Settings
> Customization > Integrations. - Click API – IP Whitelisting.
- To add or edit:
- Add:
- Click + New.
- Edit:
- Click to select the IP range restriction.
Or:
Select Edit from the Actions menu (three dots).
- Click to select the IP range restriction.
- Add:
- Type the lower IP in the range in From. (Mandatory field.)
- The IP address in the From field must be lower than the IP address in the To field.
- Type the higher IP in the range in To. (Mandatory field.)
The To IP can be the same as the From IP if you only want to whitelist a single IP address. - Type a Description.
- Click the Enable toggle switch until it is blue and ON.
- Click Save & Close.
Disable an IP Range Restriction
To disable a whitelisted IP range restriction:
-
- Click to select the IP range restriction.
Or: - Select Edit from the Actions menu.
- Click to select the IP range restriction.
- Click the Enable toggle switch until it is gray and OFF.
- Click Save & Close.
Delete an IP Range Restriction
To delete a whitelisted IP range restriction:
- Either:
- Select Delete from the Actions menu.
Or: - Click to select the IP range restriction to be deleted.
- Click Delete.
- Select Delete from the Actions menu.
- Click Yes to confirm.
