IP Access endpoint
To secure data access within a specified Query Service sandbox, use the IP Access endpoint to manage allowed IP ranges. You can use this API to fetch, configure, or delete IP ranges associated with your organization’s ID.
You can perform the following actions with the IP Access API:
- Fetch all IP ranges
- Set new IP ranges
- Delete existing IP ranges
This document covers the requests and responses that you can make and receive from the /security/ip-access endpoint.
Fetch all IP ranges fetch-all-ip-ranges
Retrieve a list of all IP ranges configured for your sandbox. If no IP ranges are set, all IPs are allowed by default, and the response returns an empty list in allowedIpRanges.
API format
GET /security/ip-access
Request
curl -X GET https://platform.adobe.io/data/foundation/queryauth/security/ip-access \
-H 'Authorization: Bearer {ACCESS_TOKEN}' \
-H 'x-gw-ims-org-id: {ORG_ID}' \
-H 'x-api-key: {API_KEY}' \
-H 'x-sandbox-name: {SANDBOX_NAME}'
Response
A successful response returns HTTP status 200 with a list of the sandbox’s allowed IP ranges.
{
"imsOrg": "{ORG_ID}",
"sandboxName": "prod",
"channel": "data_distiller",
"allowedIpRanges": [
{"ipRange": "136.23.110.0/23", "description": "VPN-1 gateway IPs"},
{"ipRange": "101.10.1.1"}
]
}
The following table provides a description and example of the response schema properties:
imsOrg{ORG_ID}sandboxNameprodchanneldata_distiller. This value signifies that IP restrictions are applied to PSQL or JDBC connections.data_distillerallowedIpRanges[{"ipRange": "136.23.110.0/23", "description": "VPN-1 gateway IPs"}]allowedIpRanges field can include two types of IP specifications:- CIDR: Standard CIDR notation (for example,
"136.23.110.0/23") to define IP ranges. - Fixed IP: Single IPs for individual access permissions (for example,
"101.10.1.1").
Set new IP ranges
Overwrite existing IP ranges by setting a new list for the sandbox. This operation requires a complete list of IP ranges, including any that remain unchanged.
API format
PUT /security/ip-access
Request
curl -X PUT https://platform.adobe.io/data/foundation/queryauth/security/ip-access \
-H 'Authorization: Bearer {ACCESS_TOKEN}' \
-H 'Content-Type: application/json' \
-H 'x-gw-ims-org-id: {ORG_ID}' \
-H 'x-api-key: {API_KEY}' \
-H 'x-sandbox-name: {SANDBOX_NAME}' \
-d '{
"ipRanges": [
{"ipRange": "136.23.110.0/23", "description": "VPN-1 gateway IPs"},
{"ipRange": "17.102.17.0/23", "description": "VPN-2 gateway IPs"},
{"ipRange": "101.10.1.1"},
{"ipRange": "163.77.30.9", "description": "Test server IP"}
]
}'
Response
A successful response returns HTTP status 200 with details of the newly configured IP ranges.
{
"imsOrg": "{ORG_ID}",
"sandboxName": "prod",
"channel": "data_distiller",
"allowedIpRanges": [
{"ipRange": "136.23.110.0/23", "description": "VPN-1 gateway IPs"},
{"ipRange": "17.102.17.0/23", "description": "VPN-2 gateway IPs"},
{"ipRange": "101.10.1.1"},
{"ipRange": "163.77.30.9", "description": "Test server IP"}
]
}
Delete IP ranges delete-ip-ranges
Remove all configured IP ranges for the sandbox. This action deletes the IP ranges and returns the deleted IP list.
imsOrg) ID and affects all IP ranges configured for the sandbox.API format
DELETE /security/ip-access
Request
curl -X DELETE https://platform.adobe.io/data/foundation/queryauth/security/ip-access \
-H 'Authorization: Bearer {ACCESS_TOKEN}' \
-H 'x-gw-ims-org-id: {ORG_ID}' \
-H 'x-api-key: {API_KEY}' \
-H 'x-sandbox-name: {SANDBOX_NAME}'
Response
A successful response returns HTTP status 200 with details of the deleted IP ranges.
{
"imsOrg": "{ORG_ID}",
"sandboxName": "prod",
"channel": "data_distiller",
"deletedIpRanges": [
{"ipRange": "136.23.110.0/23", "description": "VPN-1 gateway IPs"},
{"ipRange": "17.102.17.0/23", "description": "VPN-2 gateway IPs"},
{"ipRange": "101.10.1.1"},
{"ipRange": "163.77.30.9", "description": "Test server IP"}
]
}