Add IP restriction rule

POST https://www.digicert.com/services/v2/container/{{container_id}}/ip/rules

Use this endpoint to add an IP restriction rule to your CertCentral account. IP restrictions prevent access to your account from untrusted IP addresses.

Warning

Using this endpoint can lock you out of your account. Be careful to avoid creating restrictions that block the IP addresses you use to access CertCentral.

Assign IP rules to the top-level account container

CertCentral assigns IP restrictions to the top-level container (division) in the account. This means, in the request URL, the value of the container_id path parameter must be the ID of the top-level account container.

Tip

To get the ID of the top-level container in your account, use the List containers API endpoint. The top-level container is the container with a parent_id value of 0.

Format IP addresses

Each IP rule restricts access either to a single IP address or to a range of allowed addresses. In your request, you must use IPv4 format for all IP addresses.

  • Create a rule for a single IP address

    In the request payload, set the ip_address and ip_address_end request parameters to the same value, the allowed IP address:

    {
      "ip_address": "192.0.2.0",
      "ip_address_end": "192.0.2.0"
    }
  • Create a rule for an IP address range

    In the request payload, set the value of the ip_address request parameter to the starting IP address. Set the value of the ip_address_end request parameter to the ending IP address:

    {
      "ip_address": "192.0.2.0",
      "ip_address_end": "192.0.2.29"
    }

Choose a restriction type

You can add a rule that applies to all account access, or you can add a rule that only applies to a single user or API key.

New IP rules apply to all account access by default. To scope a rule to a single user or API key, use the user_id and api_key_id request parameters.

Note

Each IP rule has only one restriction type (account, API key, or user), and restriction types are mutually exclusive. This means, to restrict an API key and a user to the same IP block, you must create two rules with the same IP restrictions: one rule for the API key, and another for the user.
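
A local pre-flight check for the request payload, shown as an added example that is not DigiCert's code: it enforces IPv4 format, a correctly ordered range, and the mutual exclusivity of user_id and api_key_id, and it refuses to build a rule that leaves out the addresses you use to reach CertCentral. The function names, the admin_ips argument, and the "id" field in the container list are assumptions; the lockout check looks only at the rule being built.

```python
import ipaddress


def top_level_container_id(containers):
    """Pick the top-level container: the one whose parent_id is 0.

    `containers` is assumed to be a list of dicts with "id" and "parent_id".
    """
    roots = [c["id"] for c in containers if c["parent_id"] == 0]
    if len(roots) != 1:
        raise ValueError(f"expected one top-level container, found {len(roots)}")
    return roots[0]


def build_ip_rule(start, end, admin_ips=(), user_id=None, api_key_id=None,
                  description=None):
    """Validate an IP rule locally and return the JSON payload as a dict."""
    try:
        first, last = ipaddress.IPv4Address(start), ipaddress.IPv4Address(end)
    except ipaddress.AddressValueError as exc:
        raise ValueError(f"IPv4 format required: {exc}") from exc
    if first > last:
        raise ValueError("ip_address must not be higher than ip_address_end")
    # Restriction types are mutually exclusive: one rule per user or API key.
    if user_id is not None and api_key_id is not None:
        raise ValueError("user_id and api_key_id are mutually exclusive")
    # Lockout guard (assumption: admin_ips lists the addresses you use to
    # reach CertCentral). Only this rule is considered, so it is conservative.
    outside = [ip for ip in admin_ips
               if not first <= ipaddress.IPv4Address(ip) <= last]
    if outside:
        raise ValueError(f"rule would not cover your own addresses: {outside}")
    payload = {"ip_address": str(first), "ip_address_end": str(last)}
    for key, value in (("user_id", user_id), ("api_key_id", api_key_id),
                       ("description", description)):
        if value is not None:
            payload[key] = value
    return payload


if __name__ == "__main__":
    # Constructed sample values (documentation address range, made-up IDs).
    containers = [{"id": 5, "parent_id": 0}, {"id": 9, "parent_id": 5}]
    cid = top_level_container_id(containers)
    print(f"POST https://www.digicert.com/services/v2/container/{cid}/ip/rules")
    print(build_ip_rule("192.0.2.0", "192.0.2.29", admin_ips=["192.0.2.10"],
                        api_key_id=7, description="CI runner"))
```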

Example requests and responses

Path parameters

| Name | Type | Description |
| --- | --- | --- |
| container_id | int | ID of the top-level account container (division). To get the ID of the top-level container in your account, use the List containers API endpoint. The top-level container is the container with a parent_id value of 0. |

Request parameters

| Name | Req/Opt | Type | Description |
| --- | --- | --- | --- |
| ip_address | required | string | Starting IP address in allowed address range. IPv4 format required. |
| ip_address_end | required | string | Ending IP address in allowed address range. Alternatively, to restrict access to a single address, populate both ip_address and ip_address_end with the same value (the allowed address). IPv4 format required. |
| user_id | optional | int | ID of user to create the rule for. Mutually exclusive with api_key_id. |
| api_key_id | optional | int | ID of API key to create the rule for. Mutually exclusive with user_id. |
| description | optional | string | Custom rule description. |