Modify an API Client IP Allow List

Endpoint URL: {registrationDomain} /clients/set_whitelist

Description

Updates the IP allow list for an API client. The IP allow list specifies the IP addresses that are allowed to access the client; by default, any IP address can access a client. Note that only an owner client can call the /clients/set_whitelist endpoint.

Respects the API Client Allow List: Yes

API Client Permissions

The following table indicates the API clients that can (and the API clients that can't) be used to call this endpoint:

owner	access_issuer	direct_access	direct_read_access	login_client
Yes	No	No	No	No

Authentication

This endpoint supports Basic authentication.

How to Create an Authentication String

Base URL

The base URL for this endpoint is your Identity Cloud Capture domain; for example:

https://educationcenter.us-dev.janraincapture.com

Your Capture domains (also known as Registration domains) can be found in the Console on the Manage Application page:

Examples

Example Request

This command changes the IP allow list for the API client 67890fghij67890fghij to 192.168.0.0/30. That syntax ensures that only devices with the following IP addresses can access the client:

192.168.0.0
192.168.0.1
192.168.0.2
192.168.0.3


curl -X POST \
  -H "Authorization: Basic c2dueXZ1czZwYzRqbTdraHIybmVxNWdzODlnYnIyZXE6d3Q0YzN1bjl3a2tjZnZ5a25xeDQ0eW5jNDc2YWZzNjg=" \
  --data-urlencode for_client_id=67890fghij67890fghij \
  --data-urlencode whitelist='["192.168.0.0/30"]' \
  https://my-app.janraincapture.com/clients/set_whitelist

Running this command in Postman

Query Parameters

Parameter	Type	Required	Description
for_client_id	string		The ID of the client whose allow list is to be modified. If this parameter is not present then the owner client's allow list will be modified.
whitelist	string	Yes	A JSON array of CIDR addresses that constitute the new allow list for the client. Each value must use the format x.x.x.x/x.

Responses

200 OK

Example Error Response


{
  "argument_name": "whitelist",
  "request_id": "g8snkpqubwkd7kzh",
  "code": 200,
  "error_description": "whitelist was not valid for the following
    reason: invalid cidr address: 123.4.5.6/7890; value after slash
    must be 32or less",
  "error": "invalid_argument",
  "stat": "error"
}

Response Example (application/json)


{
  "stat": "ok"
}

How to Create an Authentication String

To create an authentication string, combine your API client ID, a colon (:), and your client secret into a single value. For example, if your client ID is abcdefg and your client secret is hijklmnop, that value would look like this:

abcdefg:hijklmnop

Next, take the string and base64 encode it. For example, on a Mac, you can base encode the string using this command:

echo -n "abcdefg:hijklmnop" | base64

If you’re running Microsoft Windows, you can encode the string by using a Windows PowerShell command similar to this:

[Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes("abcdefg:hijklmn"))

The resulting value (e.g., YWJjZGVmZzpoaWprbG1ub3A=) should be used in your authentication header.

If you are making API calls using Postman, select Basic Auth as your identification type, then use the client ID as the username and the client secret as the password.

Before you actually try your authentication string, make sure that your API client has the all the permissions (for example, the right to read user profile information) needed to complete the API call.

Endpoint URL: {registrationDomain} /clients/set_whitelist

Description

Respects the API Client Allow List: Yes

API Client Permissions

Authentication

Base URL

Examples

Query Parameters

Responses

Running this Command in Postman

How to Create an Authentication String

Rate this Article