IP Address Whitelist API
- Last Updated: February 2, 2024
- 2 minute read
- Hybrid Data Pipeline
- Version 5.0
- Documentation
You can use the IP Address Whitelist API to create an IP address whitelist to determine which IP addresses (either individual IP addresses or a range of IP addresses) can access resources such as the Management API, the Administrators API, data access, and the Web UI. Depending on a user's permissions, IP address whitelists can be implemented at system, tenant, and user levels. (See Implementing IP address whitelists for additional details.)
- A user with the Administrator (12) permission (a system administrator) can implement and create whitelists for all resources at system, tenant and user levels.
- A user with the following permissions can create whitelists for resources at the tenant level: the MgmtAPI (11) permission, the IPWhiteList (29) permission, and administrative access to the tenant.
- A user with the following permissions can create whitelists for resources at the user level: the Mgmt (11) permission and the IPWhitelist (29) permission.
Note:
- IP address whitelists are enabled by default. Unless you have disabled this feature, any IP address whitelist you create will immediately be enforced. For how to enable or disable IP address whitelists, see Enabling and disabling the IP address whitelist feature.
- In the event that an IP address whitelist implementation inadvertently prevents
administrators from using Hybrid Data Pipeline, an administrator can bypass the
whitelist by accessing the service directly from any machine hosting the service.
First, the administrator must have access privileges to the host machine. Next, the
administrator can access the service from a host machine by replacing the servername in the Hybrid Data Pipeline URL with
localhost,127.0.0.1, or::1. Then, the administrator can disable the IP address whitelist feature or update the implementation as desired.
You can perform the following operations with the IP Address Whitelist API.
| Operation | Request | URL |
|---|---|---|
| Retrieve IP address whitelists at the system level | GET | https://<myserver>:<port>/api/admin/security/whitelist/system |
| Update IP address whitelists at the system level | PUT | https://<myserver>:<port>/api/admin/security/whitelist/system |
| Create IP address whitelists at the system level | POST | https://<myserver>:<port>/api/admin/security/whitelist/system |
| Delete IP address whitelists at the system level | DELETE | https://<myserver>:<port>/api/admin/security/whitelist/system |
| Retrieve tenants configured with IP address whitelists | GET | https://<myserver>:<port>/api/admin/security/whitelist/tenants |
| Retrieve IP address whitelists for a tenant | GET | https://<myserver>:<port>/api/admin/security/whitelist/tenants/{id} |
| Update IP address whitelists for a tenant | PUT | https://<myserver>:<port>/api/admin/security/whitelist/tenants/{id} |
| Create IP address whitelists for a tenant | POST | https://<myserver>:<port>/api/admin/security/whitelist/tenants/{id} |
| Delete IP address whitelists for a tenant | DELETE | https://<myserver>:<port>/api/admin/security/whitelist/tenants/{id} |
| Retrieve users configured with IP address whitelist | GET | https://<myserver>:<port>/api/admin/security/whitelist/users |
| Retrieve IP address whitelists for a user | GET | https://<myserver>:<port>/api/mgmt/security/whitelist/user?user=<user_name> |
| Update IP address whitelists for a user | POST | https://<myserver>:<port>/api/mgmt/security/whitelist/user?user=<user_name> |
| Create IP address whitelists for a user | PUT | https://<myserver>:<port>/api/mgmt/security/whitelist/user?user=<user_name> |
| Delete IP address whitelists for a user | DELETE | https://<myserver>:<port>/api/mgmt/security/whitelist/user?user=<user_name> |