General Information

Policy Type

policy-white-ip

Endpoints

List Policies

GET /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/

Add Policy

POST /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

Update Policy

PUT /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

Delete Policy

DELETE /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

List Policies

Endpoint

GET /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/

Request

Headers

| Header | Value |
| --- | --- |
| Authorization | Bearer {token} |

Path Parameters

| Parameter | Type | Required | Description |
| --- | --- | --- | --- |
| projectName | string | Yes | Project name |
| apiProxyName | string | Yes | API Proxy name |

Response

Success Response (200 OK)

{
  "success": true,
  "resultList": [
    {
      "apiProxy": {
        "name": "MyAPI",
        "requestPolicyList": [
          {
            "type": "policy-white-ip",
            "name": "white-ip-policy",
            "description": "Allow only trusted IPs",
            "active": true,
            "targetVariableForIP": null,
            "ipList": [
              "192.168.1.0/24",
              "10.0.0.0/8",
              "203.0.113.100"
            ]
          }
        ],
        "responsePolicyList": [],
        "errorPolicyList": []
      }
    }
  ],
  "resultCount": 1
}
Note: In list operations, ipList may be omitted for brevity.

cURL Example

curl -X GET \
  "https://demo.apinizer.com/apiops/projects/MyProject/apiProxies/MyAPI/policies/" \
  -H "Authorization: Bearer YOUR_TOKEN"

Add Policy

Endpoint

POST /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

Request

Headers

| Header | Value |
| --- | --- |
| Authorization | Bearer {token} |
| Content-Type | application/json |

Path Parameters

| Parameter | Type | Required | Description |
| --- | --- | --- | --- |
| projectName | string | Yes | Project name |
| apiProxyName | string | Yes | API Proxy name |
| policyName | string | Yes | Policy name |

Request Body

Full JSON Body Example
{
  "operationMetadata": {
    "targetScope": "ALL",
    "targetPipeline": "REQUEST",
    "deploy": true,
    "deployTargetEnvironmentNameList": ["production"],
    "order": 1
  },
  "policy": {
    "type": "policy-white-ip",
    "description": "Allow only trusted IP addresses",
    "active": true,
    "targetVariableForIP": null,
    "ipList": [
      "192.168.1.0/24",
      "10.0.0.0/8",
      "203.0.113.100",
      "2001:db8::/32"
    ]
  }
}

Request Body Fields

operationMetadata
| Field | Type | Required | Default | Description |
| --- | --- | --- | --- | --- |
| targetScope | string | Yes | - | Policy scope: ALL or ENDPOINT |
| targetEndpoint | string | No* | - | Endpoint path (required if targetScope=ENDPOINT) |
| targetEndpointHTTPMethod | string | No* | - | HTTP method (required if targetScope=ENDPOINT) |
| targetPipeline | string | Yes | - | Pipeline: REQUEST, RESPONSE, or ERROR |
| deploy | boolean | No | true | Whether to deploy after adding policy |
| deployTargetEnvironmentNameList | array | No | [] | List of environment names to deploy to |
| order | integer | No | null | Policy execution order (starts from 1) |
Enum: targetScope
  • ALL - Policy applies to all endpoints
  • ENDPOINT - Policy applies only to specified endpoint
Enum: targetPipeline
  • REQUEST - Executes in request pipeline
  • RESPONSE - Executes in response pipeline
  • ERROR - Executes in error pipeline
Enum: targetEndpointHTTPMethod
  • GET, POST, PUT, DELETE, PATCH, OPTIONS, HEAD
policy
| Field | Type | Required | Default | Description |
| --- | --- | --- | --- | --- |
| type | string | Yes | - | Policy type: policy-white-ip |
| description | string | No | - | Policy description |
| active | boolean | No | true | Whether policy is active |
| targetVariableForIP | object | No | null | Variable to extract IP address (null = use Apinizer default) |
| ipList | array | Yes | - | List of IP addresses or CIDR ranges to allow |

IP Address Formats

  • Single IP: 192.168.1.100 (IPv4) or 2001:db8::1 (IPv6)
  • CIDR Range: 10.0.0.0/8 (IPv4) or 2001:db8::/32 (IPv6)
  • Multiple entries: Array of IPs and CIDR ranges

Note

  • ipList must contain at least one IP address or CIDR range.
  • When targetVariableForIP is null, Apinizer uses default IP detection (from X-Forwarded-For header or direct connection).
  • Only IPs in the whitelist are allowed. All other IPs are blocked.
targetVariableForIP (Optional)
| Field | Type | Required | Description |
| --- | --- | --- | --- |
| type | string | Yes | Variable type: HEADER, PARAMETER, BODY, CONTEXT, SCRIPT |
| headerName | string | No* | Header name (required if type=HEADER) |
| paramName | string | No* | Parameter name (required if type=PARAMETER) |
| contextValue | string | No* | Context value (required if type=CONTEXT) |
Enum: type
  • HEADER - Extract from HTTP header (e.g., X-Forwarded-For, X-Real-IP)
  • PARAMETER - Extract from query/path parameter
  • BODY - Extract from request body
  • CONTEXT - Extract from context (e.g., CLIENT_IP)
  • SCRIPT - Extract using script
Enum: contextValue
  • CLIENT_IP - Client IP address (recommended for IP filtering)
  • REQUEST_URI - Request URI
  • REQUEST_METHOD - HTTP method
  • USER_AGENT - User agent string

Default IP Detection

When targetVariableForIP is null, Apinizer automatically detects the client IP from:
  1. X-Forwarded-For header (if present)
  2. Direct connection IP address
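
A pre-flight check for Add Policy and Update Policy request bodies, applying the required-field and enum rules from the tables above before the request is sent. This is an added example, not Apinizer code; the function name validate_white_ip_body and the rejection of /0 ranges are assumptions introduced here.

```python
import ipaddress

# Enum values and conditional requirements copied from the field tables above.
SCOPES = ("ALL", "ENDPOINT")
PIPELINES = ("REQUEST", "RESPONSE", "ERROR")
METHODS = ("GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS", "HEAD")
VAR_REQUIRED = {"HEADER": "headerName", "PARAMETER": "paramName",
                "CONTEXT": "contextValue", "BODY": None, "SCRIPT": None}


def validate_white_ip_body(body):
    """Return a list of problems in an Add/Update Policy body (empty list = OK)."""
    errors = []
    meta = body.get("operationMetadata") or {}
    policy = body.get("policy") or {}
    scope = meta.get("targetScope")
    if scope not in SCOPES:
        errors.append("targetScope must be ALL or ENDPOINT")
    if scope == "ENDPOINT":
        if not meta.get("targetEndpoint"):
            errors.append("targetEndpoint is required when targetScope=ENDPOINT")
        if meta.get("targetEndpointHTTPMethod") not in METHODS:
            errors.append("targetEndpointHTTPMethod must be a listed HTTP method "
                          "when targetScope=ENDPOINT")
    if meta.get("targetPipeline") not in PIPELINES:
        errors.append("targetPipeline must be REQUEST, RESPONSE or ERROR")
    if policy.get("type") != "policy-white-ip":
        errors.append("policy.type must be policy-white-ip")
    ip_list = policy.get("ipList")
    if not isinstance(ip_list, list) or not ip_list:
        errors.append("ipList must contain at least one IP address or CIDR range")
        ip_list = []
    for entry in ip_list:
        try:
            if not isinstance(entry, str):
                raise ValueError("ipList entries must be strings")
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            errors.append(f"ipList entry {entry!r} is not an IP address or CIDR range")
            continue
        if net.prefixlen == 0:  # added lint (assumption): 0.0.0.0/0 or ::/0
            errors.append(f"ipList entry {entry!r} matches every address")
    var = policy.get("targetVariableForIP")
    if var is not None:  # null means Apinizer's default IP detection
        vtype = var.get("type") if isinstance(var, dict) else None
        if not isinstance(vtype, str) or vtype not in VAR_REQUIRED:
            errors.append("targetVariableForIP.type must be HEADER, PARAMETER, BODY, CONTEXT or SCRIPT")
        elif VAR_REQUIRED[vtype] and not var.get(VAR_REQUIRED[vtype]):
            errors.append(f"targetVariableForIP.{VAR_REQUIRED[vtype]} is required for type={vtype}")
    return errors
```

A body that passes with targetVariableForIP set to null or to the X-Forwarded-For header still depends on that header, which is client-supplied unless a proxy in front of the gateway overwrites it.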

Response

Success Response (200 OK)

{
  "success": true,
  "deploymentResult": {
    "success": true,
    "deploymentResults": [
      {
        "environmentName": "production",
        "success": true,
        "message": "Deployment successful"
      }
    ]
  }
}

cURL Example

curl -X POST \
  "https://demo.apinizer.com/apiops/projects/MyProject/apiProxies/MyAPI/policies/white-ip-policy/" \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "operationMetadata": {
      "targetScope": "ALL",
      "targetPipeline": "REQUEST",
      "deploy": true,
      "deployTargetEnvironmentNameList": ["production"],
      "order": 1
    },
    "policy": {
      "type": "policy-white-ip",
      "description": "Allow only trusted IP addresses",
      "active": true,
      "ipList": [
        "192.168.1.0/24",
        "10.0.0.0/8"
      ]
    }
  }'

Update Policy

Endpoint

PUT /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

Request

Headers

| Header | Value |
| --- | --- |
| Authorization | Bearer {token} |
| Content-Type | application/json |

Path Parameters

| Parameter | Type | Required | Description |
| --- | --- | --- | --- |
| projectName | string | Yes | Project name |
| apiProxyName | string | Yes | API Proxy name |
| policyName | string | Yes | Policy name |

Request Body

Full JSON Body Example
{
  "operationMetadata": {
    "targetScope": "ALL",
    "targetPipeline": "REQUEST",
    "deploy": true,
    "deployTargetEnvironmentNameList": ["production"],
    "order": 1
  },
  "policy": {
    "type": "policy-white-ip",
    "description": "Updated white IP list",
    "active": true,
    "targetVariableForIP": {
      "type": "HEADER",
      "headerName": "X-Forwarded-For"
    },
    "ipList": [
      "192.168.1.0/24",
      "192.168.2.0/24",
      "10.0.0.0/8",
      "203.0.113.100",
      "2001:db8::/32"
    ]
  }
}
Note: Request body structure is the same as Add Policy. All fields should be provided for update.

Response

Success Response (200 OK)

{
  "success": true,
  "deploymentResult": {
    "success": true,
    "deploymentResults": [
      {
        "environmentName": "production",
        "success": true,
        "message": "Deployment successful"
      }
    ]
  }
}

cURL Example

curl -X PUT \
  "https://demo.apinizer.com/apiops/projects/MyProject/apiProxies/MyAPI/policies/white-ip-policy/" \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "operationMetadata": {
      "targetScope": "ALL",
      "targetPipeline": "REQUEST",
      "deploy": true,
      "deployTargetEnvironmentNameList": ["production"],
      "order": 1
    },
    "policy": {
      "type": "policy-white-ip",
      "description": "Updated white IP list",
      "active": true,
      "ipList": [
        "192.168.1.0/24",
        "10.0.0.0/8"
      ]
    }
  }'

Delete Policy

Endpoint

DELETE /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

Request

Headers

| Header | Value |
| --- | --- |
| Authorization | Bearer {token} |
| Content-Type | application/json |

Path Parameters

| Parameter | Type | Required | Description |
| --- | --- | --- | --- |
| projectName | string | Yes | Project name |
| apiProxyName | string | Yes | API Proxy name |
| policyName | string | Yes | Policy name |

Request Body

Full JSON Body Example
{
  "operationMetadata": {
    "targetScope": "ALL",
    "targetPipeline": "REQUEST",
    "deploy": false
  }
}

Request Body Fields

operationMetadata
| Field | Type | Required | Default | Description |
| --- | --- | --- | --- | --- |
| targetScope | string | Yes | - | Policy scope: ALL or ENDPOINT |
| targetPipeline | string | Yes | - | Pipeline: REQUEST, RESPONSE, or ERROR |
| deploy | boolean | No | false | Whether to deploy after deletion |

Response

Success Response (200 OK)

{
  "success": true,
  "deploymentResult": {
    "success": true,
    "deploymentResults": []
  }
}

cURL Example

curl -X DELETE \
  "https://demo.apinizer.com/apiops/projects/MyProject/apiProxies/MyAPI/policies/white-ip-policy/" \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "operationMetadata": {
      "targetScope": "ALL",
      "targetPipeline": "REQUEST",
      "deploy": false
    }
  }'

Notes and Warnings

  • IP List: Must contain at least one IP address or CIDR range
  • IP Formats:
    • Single IP: 192.168.1.100 (IPv4) or 2001:db8::1 (IPv6)
    • CIDR Range: 10.0.0.0/8 (IPv4) or 2001:db8::/32 (IPv6)
  • Whitelist Behavior: Only IPs in the whitelist are allowed. All other IPs are blocked.
  • IP Detection:
    • When targetVariableForIP is null, Apinizer uses default IP detection
    • Default detection checks X-Forwarded-For header and direct connection IP
  • Custom IP Extraction: Use targetVariableForIP to extract IP from custom headers or parameters
  • CIDR Notation: CIDR ranges allow all IPs within the specified range
  • IPv6 Support: Both IPv4 and IPv6 addresses are supported
  • Security: Use whitelist for maximum security - only explicitly allowed IPs can access the API
  • Performance: IP checking is fast, but large IP lists may impact performance
  • Order: This policy should typically be executed early in the request pipeline (low order number)
  • Deployment: Policy changes require deployment to take effect. Set deploy: true or deploy manually.
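
The CIDR and performance notes above argue for a short ipList. This added example (not Apinizer code, and not the gateway's own matching logic) merges adjacent ranges, drops entries already covered by a wider one, and includes a local membership test to confirm the shortened list admits the same addresses; the function names and SAMPLE_IP_LIST are constructed for illustration.

```python
import ipaddress

# Constructed sample: the Update Policy ipList from this page plus redundant entries.
SAMPLE_IP_LIST = [
    "192.168.1.0/24", "192.168.2.0/24", "192.168.3.0/24",  # .2 and .3 form a /23
    "10.0.0.0/8", "10.1.2.0/24",                           # second is inside the first
    "203.0.113.100", "203.0.113.100",                      # duplicate single IP
    "2001:db8::/32",
]


def parse_ip_list(ip_list):
    """Parse ipList strings into network objects, grouped by IP version."""
    nets = {4: [], 6: []}
    for entry in ip_list:
        net = ipaddress.ip_network(entry, strict=False)
        nets[net.version].append(net)
    return nets


def minimise_ip_list(ip_list):
    """Return an equivalent ipList: duplicates and covered ranges removed, neighbours merged."""
    nets = parse_ip_list(ip_list)
    out = []
    for version in (4, 6):
        # collapse_addresses() only accepts networks of a single IP version.
        for net in ipaddress.collapse_addresses(nets[version]):
            # Write single hosts without a prefix, as in the page's "Single IP" format.
            single = net.prefixlen == net.max_prefixlen
            out.append(str(net.network_address) if single else str(net))
    return out


def is_allowed(client_ip, ip_list):
    """Local membership test: True if client_ip falls inside any ipList entry."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in parse_ip_list(ip_list)[addr.version])
```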