This article explains how to configure an IP Allow list for your API Keys in Pigment. Restricting API key usage to specific IP addresses helps reduce the risk of key leaks.
Access the API Keys page
You must be a Workspace Admin to access the API Keys page in Workspace Settings.
You can manage API keys and IP Allow lists from the API Keys page in Workspace Settings. To do this:
- In your Workspace, select Settings.
- Select API Keys in the sidebar to create or manage API keys.
- Select the IP Allow list tab to create or manage allow lists.
Create an IP Allow list
To create a new IP Allow list:
- Select + New IP Allow list.
- In the Create a new IP Allow list panel, fill in the required fields:
- List name. A descriptive name for the allow list.
- Description. A brief explanation of the purpose or scope of the allow list.
- IP addresses or range. The IP addresses or CIDR range that should be allowed.
Only IPv4 addresses are supported. Example: 198.51.100.73.
For ranges, use CIDR notation. Example: 198.51.100.0/24, this format covers 198.51.100.0 through 198.51.100.255.
- Select Save.
Link an API key to an IP Allow list
Once you’ve created your IP Allow list, you must specify which API key it applies to.
To do this:
- Select an allow list from the IP Allow lists page to reveal linked API keys.
- Select + Link API key and choose the API keys from the dropdown menu to link to the allow list.
When multiple allow lists are linked to the same API key, any IP address or range appearing in any of those lists will be permitted.
Configure a default IP Allow list
To ensure consistent IP restrictions across API keys, you can set a default IP Allow list.
To do this:
- Select Manage default Allow list.
- Toggle Set a default Allow list to On.
- Select the Allow list to set as the default from the dropdown menu.
- Select Save.
The default IP Allow list is automatically applied to all API keys unless a specific allow list is assigned.