With v2 of the Bank Account Data API, users can use IP whitelisting to control access to sensitive banking information.
IP whitelisting is a feature similar to a firewall: it lets you define the exclusive ranges of IP addresses that can communicate with the API and receive information. All HTTP(S) requests from servers outside these ranges will receive a status-403 error message as a response.
Setting up IP whitelisting
You can set up IP whitelisting when you generate new access credentials on the User Secrets page:
- First, enter a comma-separated list of IP ranges in CIDR notation, for example: 198.51.100.0/24,189.53.100.0/22,2001:db8::/48
- You can combine IPv4 and IPv6 addresses in your list, as you can see in the example above.
- To leave addresses unfiltered, keep the default value 0.0.0.0/0 unchanged; this effectively disables whitelisting for IPv4 addresses.
- Add ::/0 to allow all IPv6 addresses. The list 0.0.0.0/0, ::/0 allows all addresses of both protocols. In that case, any server that can provide valid credentials will be able to query the API.
N.B.! If your list includes 0.0.0.0/0 or ::/0 among other address ranges, all IPs of the respective protocol will be allowed.
For security reasons, it is not possible to edit the IP whitelist of an existing user secret. To change the IP whitelist, create a new user secret and add the updated IP whitelist there.
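Because a whitelist cannot be edited once the secret exists, it is worth checking the list before you submit it. The following is an added example, not part of the API or its tooling: the function name audit_whitelist and the server addresses are hypothetical, and rejecting entries with host bits set is this example's assumption.

```python
import ipaddress

def audit_whitelist(raw, server_ips=()):
    """Check a comma-separated CIDR list before using it for a new user secret."""
    networks, findings = [], []
    for entry in (e.strip() for e in raw.split(",")):
        if not entry:
            continue
        try:
            # Assumption: treat entries with host bits set (e.g. 198.51.100.7/24)
            # as mistakes; the page does not say how the API handles them.
            net = ipaddress.ip_network(entry, strict=True)
        except ValueError as exc:
            findings.append(f"invalid entry {entry!r}: {exc}")
            continue
        networks.append(net)
        if net.prefixlen == 0:
            # 0.0.0.0/0 or ::/0 overrides every narrower range of that protocol.
            findings.append(f"{entry} allows every IPv{net.version} address")
    for ip in map(ipaddress.ip_address, server_ips):
        # An address can only match a range of its own IP version.
        if not any(ip.version == n.version and ip in n for n in networks):
            findings.append(f"server {ip} is not covered and would receive 403")
    return networks, findings

if __name__ == "__main__":
    # The list is the example from this page; the server addresses are constructed.
    wl = "198.51.100.0/24,189.53.100.0/22,2001:db8::/48"
    servers = ["198.51.100.25", "203.0.113.9", "2001:db8:0:1::5"]
    nets, problems = audit_whitelist(wl, servers)
    print("parsed ranges:", ", ".join(map(str, nets)))
    for p in problems:
        print("WARNING:", p)
```

An empty findings list means every entry parsed, no range is a catch-all, and each of your servers falls inside at least one range.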