Add IP restriction
3 minute read
POST
Use this endpoint to add an IP restriction rule to your CertCentral account. IP restrictions prevent access to your account from untrusted IP addresses.https://www.digicert.com/services/v2/container/{{container_id}}/ip/rules
Warning
Using this endpoint can lock you out of your account. Be careful to avoid creating restrictions that block the IP addresses you use to access CertCentral.Assign IP rules to the top-level account container
CertCentral assigns IP restrictions to the top-level container (division) in the account. This means, in the request URL, the value of the container_id path parameter must be the ID of the top-level account container.
Tip
To get the ID of the top-level container in your account, use the List containers API endpoint. The top-level container is the container with aparent_id value of 0.Format IP addresses
Each IP rule restricts access either to a single IP address or to a range of allowed addresses. In your request, you must use IPv4 format for all IP addresses.
- Create a rule for a single IP address
In the request payload, set the
ip_addressandip_address_endrequest parameters to the same value, the allowed IP address:{ "ip_address": "192.0.2.0", "ip_address_end": "192.0.2.0" } - IP address range
In the request payload, set the value of the
ip_addressrequest parameter to the starting IP address. Set the value of theip_address_endrequest parameter to the ending IP address:{ "ip_address": "192.0.2.0", "ip_address_end": "192.0.2.29" }
Choose a restriction type
You can add a rule that applies to all account access, or you can add a rule that only applies to a single user or API key.
New IP rules apply to all account access by default. To scope a rule to a single user or API key, use the user_id and api_key_id request parameters.
Note
Each IP rule has only one restriction type (account, API key, or user), and restriction types are mutually exclusive. This means, to restrict an API key and a user to the same IP block, you must create two rules with the same IP restrictions: one rule for the API key, and another for the user.Example requests and responses
curl --request POST 'https://www.digicert.com/services/v2/container/{{container_id}}/ip/rules' \
--header 'X-DC-DEVKEY: {{api_key}}' \
--header 'Content-Type: application/json' \
--data '{
"ip_address": "192.0.2.0",
"ip_address_end": "192.0.2.24",
"description": "Account-wide restriction"
}'curl --request POST 'https://www.digicert.com/services/v2/container/{{container_id}}/ip/rules' \
--header 'X-DC-DEVKEY: {{api_key}}' \
--header 'Content-Type: application/json' \
--data '{
"ip_address": "192.0.2.0",
"ip_address_end": "192.0.2.24",
"description": "User restriction",
"user_id": "1234"
}'curl --request POST 'https://www.digicert.com/services/v2/container/{{container_id}}/ip/rules' \
--header 'X-DC-DEVKEY: {{api_key}}' \
--header 'Content-Type: application/json' \
--data '{
"ip_address": "192.0.2.0",
"ip_address_end": "192.0.2.24",
"description": "API key restriction",
"api_key_id": "1234"
}'204 No Content
// No content
Path parameters
| Name | Type | Description |
|---|---|---|
| container_id | int | ID of the top-level account container (division). To get the ID of the top-level container in your account, use the List containers API endpoint. The top-level container is the container with a parent_id value of 0. |
Request parameters
| Name | Req/Opt | Type | Description |
|---|---|---|---|
| ip_address | required | string | Starting IP address in allowed address range. IPv4 format required. |
| ip_address_end | required | string | Ending IP address in allowed address range. Alternately, to restrict access to a single address, populate both ip_addressand ip_address_end with the same value (the allowed address). IPv4 format required. |
| user_id | optional | int | ID of user to create the rule for. Mutually exclusive with api_key_id. |
| api_key_id | optional | int | ID of API key to create the rule for. Mutually exclusive with user_id. |
| description | optional | string | Custom rule description. |
Was this page helpful?
Provide feedback