Add IP restriction rule
POST https://www.digicert.com/services/v2/container/{{container_id}}/ip/rules
Use this endpoint to add an IP restriction rule to your CertCentral account. IP restrictions prevent access to your account from untrusted IP addresses.
Warning
Using this endpoint can lock you out of your account. Be careful to avoid creating restrictions that block the IP addresses you use to access CertCentral.
Assign IP rules to the top-level account container
CertCentral assigns IP restrictions to the top-level container (division) in the account. This means, in the request URL, the value of the container_id path parameter must be the ID of the top-level account container.
Tip
To get the ID of the top-level container in your account, use the List containers API endpoint. The top-level container is the container with a parent_id value of 0.
Format IP addresses
Each IP rule restricts access either to a single IP address or to a range of allowed addresses. In your request, you must use IPv4 format for all IP addresses.
Create a rule for a single IP address
In the request payload, set the ip_address and ip_address_end request parameters to the same value, the allowed IP address:
{ "ip_address": "192.0.2.0", "ip_address_end": "192.0.2.0" }
IP address range
In the request payload, set the value of the ip_address request parameter to the starting IP address. Set the value of the ip_address_end request parameter to the ending IP address:
{ "ip_address": "192.0.2.0", "ip_address_end": "192.0.2.29" }
Choose a restriction type
You can add a rule that applies to all account access, or you can add a rule that only applies to a single user or API key.
New IP rules apply to all account access by default. To scope a rule to a single user or API key, use the user_id and api_key_id request parameters.
Note
Each IP rule has only one restriction type (account, API key, or user), and restriction types are mutually exclusive. This means, to restrict an API key and a user to the same IP block, you must create two rules with the same IP restrictions: one rule for the API key, and another for the user.
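The following is an added example, not DigiCert's own code: a client-side pre-flight check that enforces the rules described above (IPv4 only, single address or range, one restriction type per rule) before anything is sent. The function name, the must_include lockout guard, and the sample IDs are assumptions made for illustration; authentication and the HTTP call itself are left out.

```python
import ipaddress
import json

BASE_URL = "https://www.digicert.com/services/v2"  # from the endpoint URL on this page


def build_ip_rule(container_id, start, end=None, *, user_id=None,
                  api_key_id=None, description=None, must_include=None):
    """Validate an IP rule and return (url, json_body) for the POST request.

    must_include is a hypothetical client-side guard, not an API parameter.
    """
    end = start if end is None else end  # single address: both fields equal
    try:
        lo = ipaddress.IPv4Address(start)  # rejects IPv6 and malformed input
        hi = ipaddress.IPv4Address(end)
    except ipaddress.AddressValueError as exc:
        raise ValueError(f"IPv4 format required: {exc}") from None
    if lo > hi:
        # Assumption: a start address above the end address is a caller mistake.
        raise ValueError("ip_address is greater than ip_address_end")
    if user_id is not None and api_key_id is not None:
        raise ValueError("user_id and api_key_id are mutually exclusive; "
                         "create one rule per restriction type")
    if must_include is not None:
        # Lockout guard: refuse a range that leaves out the address you use.
        if not lo <= ipaddress.IPv4Address(must_include) <= hi:
            raise ValueError(f"{must_include} is outside {lo}-{hi}")
    body = {"ip_address": str(lo), "ip_address_end": str(hi)}
    optional = {"user_id": user_id, "api_key_id": api_key_id,
                "description": description}
    body.update({k: v for k, v in optional.items() if v is not None})
    url = f"{BASE_URL}/container/{int(container_id)}/ip/rules"
    return url, json.dumps(body)


if __name__ == "__main__":
    # Constructed sample values: container 12345, API key 77.
    print(build_ip_rule(12345, "192.0.2.0", "192.0.2.29", api_key_id=77,
                        must_include="192.0.2.10"))
```

Pass must_include when the rule will govern your own access; leave it unset when scoping a rule to a different user or API key.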
Example requests and responses
Path parameters
Name | Type | Description |
---|---|---|
container_id | int | ID of the top-level account container (division). To get the ID of the top-level container in your account, use the List containers API endpoint. The top-level container is the container with a |
Request parameters
Name | Req/Opt | Type | Description |
---|---|---|---|
ip_address | required | string | Starting IP address in allowed address range. IPv4 format required. |
ip_address_end | required | string | Ending IP address in allowed address range. Alternately, to restrict access to a single address, populate both |
user_id | optional | int | ID of user to create the rule for. Mutually exclusive with |
api_key_id | optional | int | ID of API key to create the rule for. Mutually exclusive with |
description | optional | string | Custom rule description. |