IP whitelist

With v2 of Bank Account Data API users have the ability to use IP whitelisting to control access to sensitive banking information.

IP whitelisting is a feature similar to a firewall that allows one to define exclusive ranges of IP addresses that can communicate with the API and receive information. All HTTP(s) requests from servers outside these ranges will receive a status-403 error message as a response.

Setting up IP whitelisting

You can set up IP whitelisting when you generate new access credentials on the User Secrets page:

First, enter a comma-separated list of IP's using CIDR notation, for example: 198.51.100.0/24,189.53.100.0/22,2001:db8::/48
Leave the default value 0.0.0.0/0 unchanged not to filter addresses - this effectively disables whitelisting for IPv4 addresses.

N.B.! If your list includes 0.0.0.0/0 or ::/0 among other address ranges, this will have the effect of allowing all IP's of the respective protocol.

Due to security reasons it is not possible to edit IP whitelist of an existing user secret. If you wish to apply any changes to the IP whitelist, you would need to create a new user secret and add the updated IP whitelist there.

Bank Account Data Quickstart Guide

Simple and streamlined guide to start using our Bank Accoun Data API

Quickstart Guide

Demo page of our Bank Account Data API

See the product in action with few easy clicks

Bank Account Data Demo

Quick links

Knowledge base
Gocardless Bank Account Data

About GoCardless

Legal
Privacy
Security
Blog

Support

Contact support
Complaints
Contact sales

API Documentation

Developer documents

GoCardless Ltd, Sutton Yard, 65 Goswell Road, London, EC1V 7EN, United Kingdom

GoCardless Ltd (company registration number 07495895) is authorised by the Financial Conduct Authority under the Payment Services Regulations 2017, registration number 597190, for the provision of payment services.

IP whitelist

Setting up IP whitelisting

Promoted articles

Recently Added Articles

Top Articles