Skip to main content
Feedback

Overview of IP Allowlisting Policy

Description

The policy provides an ability to allowlist API requests according to the configured Subnet, IP list, or IP range. It supports IPs in the following format:

  • CIDR (for example - a.b.c.d/x)

  • List of IPs.

  • IP Range

  • Support for both Package Key & Service Key EAV ( Extended Attributes Value).

  • Policy will fetch the allowlisted IP from pre-input or package keys EAV and will call the IP Allowlisting Service to authenticate the requesting IP.

  • When allowlisted IPs are configured either in pre-inputs or in package keys EAV then policy will allow only those requests whose IP's are same as per configured allowlisted IPs.

  • The configured IP (IPv4) addresses are entered in CIDR notation or comma-delimited.

  • Supports only pre-processing of API request.

  • Supports IP allowlisting of resource endpoint only configured in API Management.

    • Allowlisting by IP address for customer backend servers behind API Management.

    • API Management token endpoints are not allowlisted by IP address.

On this Page