Overview
An IP Based Access Control Policy restricts or allows access to APIs based on the client’s IP address. It helps enhance security by ensuring that only trusted IP addresses or networks can access your APIs, while blocking unauthorized or suspicious sources.
You can define both allow lists and block lists to control access. Requests are evaluated against these lists before being forwarded to the backend.
Field Reference
The following fields are available when creating or editing an IP Based Access Control policy:
Field Reference | Description |
| A unique identifier for the policy, used across logs, dashboards, and API group configurations. Required |
| Custom labels to organize and filter the policy by environment, team, or functionality. Optional |
| Specifies the list of IP addresses or IP ranges that are permitted to access the API. Multiple IPs can be added by separating them with commas. Optional |
| Specifies the list of IP addresses or IP ranges that are denied access to the API. Multiple IPs can be added by separating them with commas. Optional |
How It Works
Request received: The gateway receives the API request and identifies the client’s IP address.
Block list check: The IP address is checked against the block list. If it matches a blocked entry, the request is immediately rejected.
Allow list check: If an allow list is configured, the IP is validated against it. If the IP is not included, the request is rejected. If no allow list is defined, all non-blocked IPs are allowed.
Request forwarding: If the IP passes all checks, the request is forwarded to the backend service.
Access enforcement: Rejected requests receive an appropriate error response indicating that access is denied.
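The evaluation order above, written out as an added Python example (not the gateway's own code) so the precedence of the block list over the allow list can be tested before a policy is attached. The function names, the comma-separated string inputs, and the choice to reject an unparseable client IP are assumptions of this sketch; the sample addresses are constructed from documentation ranges.

```python
import ipaddress


def parse_ip_list(raw):
    """Parse a comma-separated string of IPs or CIDR ranges into network objects."""
    networks = []
    for entry in raw.split(","):
        entry = entry.strip()
        if entry:
            # strict=False accepts entries such as "10.0.0.5/24" with host bits set
            networks.append(ipaddress.ip_network(entry, strict=False))
    return networks


def matches(ip, networks):
    """True if the address falls inside any listed network of the same IP version."""
    return any(ip.version == net.version and ip in net for net in networks)


def evaluate(client_ip, allow_list="", block_list=""):
    """Return (decision, reason): block list first, then allow list, then forward."""
    try:
        ip = ipaddress.ip_address(client_ip)
    except ValueError:
        # Assumption of this sketch: fail closed when the client IP cannot be parsed
        return ("reject", "unparseable client IP")
    if matches(ip, parse_ip_list(block_list)):
        return ("reject", "block list match")
    allowed = parse_ip_list(allow_list)
    # An empty allow list means every non-blocked address is permitted
    if allowed and not matches(ip, allowed):
        return ("reject", "not in allow list")
    return ("forward", "passed all checks")


if __name__ == "__main__":
    # Constructed sample policy and client addresses (documentation ranges)
    allow = "203.0.113.0/24, 198.51.100.10"
    block = "203.0.113.7"
    for addr in ["203.0.113.7", "203.0.113.8", "192.0.2.1", "2001:db8::1"]:
        print(addr, evaluate(addr, allow_list=allow, block_list=block))
```

Note that an address listed in both fields is rejected, because the block list is checked first.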
Attaching a Policy to an API Group
Once an IP Based Access Control Policy is created, it can be attached to one or more API Groups. Multiple policies can be applied to an API Group, and their execution order can be configured by arranging them in the desired sequence.