TPI.devCommunityGithub

Configuring IP Whitelisting via IP Binding

IP Binding in digiRunner serves as an IP whitelisting mechanism, enabling administrators to restrict API access to trusted IP addresses. Implementing IP binding helps enhance security by ensuring that only authorized clients can interact with your APIs. By configuring IP whitelisting through IP binding, you can control and limit API access to specific, pre-approved IP addresses, reducing the risk of unauthorized access.

Prerequisites

Before configuring IP binding, ensure the following:

  • You have administrative access to the digiRunner Admin Console.

  • You have identified the trusted client IP addresses.

Configuring IP Binding

To configure IP binding for a client in digiRunner, follow the instructions below.

Access Client Management

  1. Log in to the Admin Console.

  2. Go to Client Management > API Client to proceed.

Create or Update a Client

  1. To create a new client, click Create.

  2. To update an existing client, locate the client in the list, and click on the icon next to the client.

Configure IP Binding

  1. Locate the IP Binding field within the client configuration form.

  2. Fill in the authorized client’s hostname or IP address. Only requests from these specified IP addresses or hostnames will be allowed to access the APIs associated with this client.

Define Activation and Expiry Period

  1. Specify the Start date to activate the client's access.

  2. Set an Expiry Date to automatically revoke the client's access after a defined period. To allow indefinite access, leave this field blank.

Save Your Configuration

Click Create for new clients, or Update for existing clients, to save your changes and activate IP binding.

For further details about API client configurations, refer to API Client.

Best Practices for IP Whitelisting in digiRunner

  • Regular Review: Regularly audit IP binding configurations to reflect changes in authorized IP addresses.

  • Accuracy: Ensure IP addresses are correctly entered to prevent unintended access disruption.

  • Multi-layered Security: Combine IP binding with other security measures, such as API Keys and OAuth tokens, for robust protection.

Implementing IP binding within digiRunner significantly strengthens API security, ensuring that only verified and trusted IP addresses can access your API resources.

PreviousJWE CertificateNextObtaining API Keys and Calling APIs

Was this helpful?