Breadcrumbs

Manage access to API. Authentication

Authentication

This integration API is for public requests and doesn't require Bearer token authentication.

Manage access to API via an IP address

To ensure the security and restrict access to the API, an IP address whitelist mechanism is employed. Administrators can manage this list using the Artisan command: ip-access:manage. This command provides tools for adding, viewing, and clearing IP addresses or subnets that are permitted for various types of API access.

The syntax for the command is as follows:
php artisan ip-access:manage {type} {ip?} {--fresh} {--show}
Where;

  • {type} – is a required argument that defines the type of access for which the whitelist is being managed. Valid values are defined in the App\Models\IpAccess::TYPES constant and include:

    • admin

    • push1st

    • orchestrator

    • ib

    • integration_module

    • billing

    • analytic_video

  • {ip?} – an optional argument for the IP address or subnet you want to whitelist. Subnets should be in the IP/mask format (for example, 192.168.1.0/24). If you omit this argument, the command won't add a new IP address.

  • --fresh – is an optional flag. If this flag is present, the entire current whitelist for the specified access type will be emptied before a new IP address is added (assuming an IP address is also provided).

  • --show – is an optional flag. When used, it displays the current whitelist of IP addresses and subnets configured for the specified access type. 

Examples

  • View a whitelist for the billing type:
    php artisan ip-access:manage billing --show

  • Add an IP address 192.168.1.100 to the billing type:
    php artisan ip-access:manage billing 192.168.1.100

  • Add a subnet 192.168.1.0/24 for the billing type and clear the existing whitelist:
    php artisan ip-access:manage billing 192.168.1.0/24 --fresh

How it works

Using the ip-access:manage command allows administrators to precisely control which IP addresses or IP address ranges are authorized to access protected API routes. A middleware mechanism safeguards the system by checking the incoming request's IP address against a whitelist designated for that specific access type.

Access attempts from IP addresses not on the whitelist will trigger an HTTP 403 Forbidden error, indicating a lack of permission to access the resource.

HTTP headers in an API request play a crucial role in determining how the API processes requests and forms responses.