
IP Access

Overview

The IP Access section lets administrators control access to the LoginRadius APIs by defining specific IP addresses or ranges. Restricting which addresses can call the APIs reduces exposure to unauthorized access.

Business Use Cases of IP Access

The following business use cases illustrate this feature:

  1. Restrict API Access to Internal Networks – Limit API access to corporate offices or VPNs for enhanced security.

  2. Blocking Untrusted or Malicious Traffic – Prevent known malicious or suspicious IPs from accessing APIs.

  3. Securing Partner Integrations – Ensure only trusted B2B partners’ IPs can interact with your APIs.

  4. Compliance and Regulatory Requirements – Enforce industry-specific security policies like HIPAA or PCI-DSS.

  5. Preventing Credential Stuffing & Brute Force Attacks – Block IPs exhibiting unusual login behavior.

  6. Temporary IP Restrictions for Incident Response – Quickly block compromised IPs during a security breach.

Access Type

Administrators can configure the access type as either Allowlist or Blacklist:

  • Allowlist: Only the specified IP addresses/ranges can access LoginRadius APIs. Unspecified IPs will be denied.
  • Blacklist: The specified IP addresses/ranges are blocked from accessing LoginRadius APIs, while all other IPs are allowed.

Note: When the blacklist option is active, all IPs listed under the blacklist are denied access, and any unspecified IP addresses are automatically granted access.

How to Configure IP Address Access

Follow the steps below to allow or block requests coming from specific IP addresses.

  1. Enable/Disable IP Access Control:
    • Toggle the switch at the top-right corner of the IP Address section to enable or disable IP access restrictions.
  2. Select Access Type:
    • Choose between Allowlist or Blacklist by clicking the respective radio button.
  3. Add IP Addresses or Ranges:
    • Enter an IP address or range in the provided input field.
    • Click the + Add IP button to include multiple IP addresses/ranges.
  4. Remove IPs:
    • Click the red delete icon next to an IP address to remove it from the list.
  5. Save or Reset:
    • Click Save to apply your changes.
    • Click Reset to discard changes and restore the previous settings.

Example

  • Allowlist Mode:
    • Only IPs like 192.168.0.1 or ranges like 192.168.0.1/24 specified in the allowlist can access LoginRadius APIs.
  • Blacklist Mode:
    • IPs like 203.0.113.1 or ranges like 203.0.113.1/16 added to the blacklist will be denied access.
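The following is an added example, not LoginRadius code: a local pre-check that shows which addresses a list entry really covers and how a request would be decided under the Access Type rules above. It assumes entries with host bits set (such as 192.168.0.1/24) are read as the enclosing network; this page does not state how the service treats them, and the function names are hypothetical.

```python
import ipaddress

def normalize(entries):
    """Parse single IPs / CIDR entries into networks.

    Returns (networks, widened); widened lists entries whose host bits were
    set, with the network and address count they actually describe.
    """
    networks, widened = [], []
    for raw in entries:
        entry = raw.strip()
        iface = ipaddress.ip_interface(entry)  # raises ValueError on malformed input
        net = iface.network
        networks.append(net)
        if iface.ip != net.network_address:
            widened.append((entry, str(net), net.num_addresses))
    return networks, widened

def is_allowed(client_ip, mode, entries):
    """Local model of the Allowlist / Blacklist decision (an assumption)."""
    ip = ipaddress.ip_address(client_ip)
    networks, _ = normalize(entries)
    listed = any(ip in net for net in networks)
    if mode == "allowlist":
        return listed          # unspecified IPs are denied
    if mode == "blacklist":
        return not listed      # unspecified IPs are allowed
    raise ValueError(f"unknown mode: {mode}")

if __name__ == "__main__":
    # Constructed sample lists built from the page's example entries.
    samples = [
        ("allowlist", ["192.168.0.1/24"], ["192.168.0.77", "192.168.1.5"]),
        ("blacklist", ["203.0.113.1/16"], ["203.0.5.9", "198.51.100.7"]),
    ]
    for mode, entries, probes in samples:
        for entry, net, count in normalize(entries)[1]:
            print(f"{mode}: {entry} covers {net} ({count} addresses)")
        for probe in probes:
            print(f"{mode}: {probe} allowed={is_allowed(probe, mode, entries)}")
```

Under this reading, 203.0.113.1/16 resolves to 203.0.0.0/16, which is 65536 addresses rather than the 256 in 203.0.113.0/24, so a prefix length is worth checking before saving a list.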

Best Practices for Managing IP Access

  • Use Allowlists for High-Security APIs – Restrict access only to trusted business locations, VPNs, or partners.
  • Regularly Review IP Access Lists – Remove outdated IPs to prevent unauthorized access.
  • Monitor Access Logs Frequently – Track API logs to detect and respond to suspicious activity.
  • Combine IP Restrictions with Authentication – Use OAuth, JWT tokens, or API keys for multi-layer security.
  • Use CIDR Notation for Efficiency – Simplify IP management by adding ranges (e.g., 203.0.113.0/24) instead of individual IPs.
  • Implement Geo-Restrictions if Needed – Restrict access based on geographic location for compliance.
  • Have an Incident Response Plan – Quickly block or modify access in case of security breaches.
  • Apply IP Throttling for Rate Limits – Prevent abuse by setting API rate limits based on IP addresses.
  • Ensure Redundancy for Business Continuity – Allow multiple secure IPs to avoid disruptions due to network failures.

These best practices provide clear, actionable guidance for securing B2B APIs with IP controls.