How we can restrict access for a particular product requests with a fixed ip address

AKumar15
Participant I

I want to setup a client sandbox, to test configured APIs. So requirement is like check the api key or product if it belongs to sandbox product, then check for request, it is coming from which server. If ip address or domain is not equal to my sandbox server, unauthorize the request with 401 and invalid domain request error.

0 4 450
4 REPLIES 4

Hi @AKumar15 take a look at the Access Control Policy, this will enable you to restrict to a specific IP address access.

Thanks for reply @mschreuder . I need to add IP restriction only if request.api_key == <sandbox_apikey OR sandbox_product>, else we need to allow access for requests coming from other products/api_key. So requirement is to check for IP only if sandbox api key is coming in request, else it would be open for other clients. I am not sure if we can do it by using only Access Control Policy, as it checks for IP and not providing any combination to use it with api_key as well.

Experiment with adding a condition to the access control policy step, something like:

<Step>
   <Condition>"flow variable containing api_key"="sandbox api_key"</Condition>
   <Name>"AccessControlPolicy"</Name>
</Step>

Replacing "flow variable containing api_key" with whatever flow variable contains the api_key used in the incoming request and "sandbox api_key" with the sandbox api_key that you want to do the IP check on and "AccessControlPolicy" with the name of your Access Control Policy. This way the access control policy will only execute if the condition is met.

You could enhance it further to use kvm to store values like the sandbox api_key(s) and/or the ip addresses so that if those values changed you just update kvm rather than having to edit your proxy and re-depoly it

Here's a few other references that might also help:

Conditions

Verifying api keys

Flow variables

KeyValue Maps

Alternatively, you could create a javascript / java / python / node script to take care of that.

@mschreuder Thanks for detail information, it will help in fixing it quick. I will try it and update you by late evening. Thanks again.