Working with IP Whitelists
zevery property has an “IP whitelist.” This whitelist specifies the IP addresses of the devices allowed to make API calls using that property. By default, the IP whitelist for a property is set to 0.0.0.0/0, which means that any IP address can be used to make API calls.
If you’d prefer to restrict the IP addresses that can be used to make API calls, complete the following procedure:
- From the Edit page, click Add New IP Address:
- In the Whitelist an IP network field, type a CIDR (Classless
Inter-Domain Routing) address. CIDR addresses use IP address/network mask
notation to specify a range of IP addresses. For example:
The preceding notation (192.168.0.0/30) refers to the IP addresses 192.168.0.0; 192.168.0.1; 192.168.0.2; and 192.168.0.3.
- To add additional IP addresses, click Add New IP Address again and then type in the next CIDR address:
- When you are finished, click the Save changes icon:
If you want to delete a set of IP addresses, click the trash can icon located next to the range of addresses to be deleted:
If you delete all the ranges from your IP whitelist, then the property resumes allowing API calls from any IP address.
If you decide to use IP whitelisting, keep in mind that not all APIs are governed by the whitelist. For example, calls to the Configuration API (CAPI) can be made from any device regardless of what is (or isn’t) on the IP whitelist.
As a general rule, whitelisting is not recommended in organizations that rely on dynamic IP addressing. That’s because, by definition, dynamically-allocated IP addresses are subject to frequent change.