Each property has an “IP allow list” that specifies the IP addresses of the devices allowed to make API calls using that property. By default, the IP allow list for a property is set to 0.0.0.0/0, which means that any IP address can be used to make API calls.
If you’d prefer to restrict the IP addresses that can be used to make API calls, complete the following procedure:
- From the Edit page, click Add New IP Address:
- In the Whitelist an IP network field, type a CIDR (Classless Inter-Domain Routing) address. CIDR addresses use IP address/network mask notation to specify a range of IP addresses. For example:
The preceding notation (192.168.0.0/30) refers to the IP addresses 192.168.0.0; 192.168.0.1; 192.168.0.2; and 192.168.0.3.
- To add additional IP addresses, click Add New IP Address again and then type in the next CIDR address:
- When you are finished, click the Save changes icon:
If you want to delete a set of IP addresses, click the trash can icon located next to the range of addresses to be deleted:
If you delete all the ranges from your IP allow list, then the property resumes allowing API calls from any IP address.
If you decide to use an IP allow list, keep in mind that not all APIs are governed by the allow list. For example, calls to the Configuration API can be made from any device regardless of what is (or isn’t) on the IP allow list.
As a general rule, IP allow lists are not recommended in organizations that rely on dynamic IP addressing. That’s because, by definition, dynamically-allocated IP addresses are subject to frequent change.