Using the service-ip-allowlist commands

You can use the service-ip-allowlist commands to add, remove, and list the IP addresses on your Developer Portal allowlist. IP addresses that are on the allowlist, for example, load balancer and proxy IPs, are exempt from being blocked by Developer Portal security checks.

  1. Log in as Cloud manager:
    apic login --server management_server --realm admin/identity_provider --username admin --password cloud_password
    You can determine which identity provider to use in the --realm parameter by entering the following command to see a list of all available identity providers (you do not need to be logged in to use this command):
    apic identity-providers:list --scope admin --server mgmt_endpoint_url --fields title,realm
    For example:
    apic identity-providers:list --scope admin --server --fields title,realm
    total_results: 2
      - title: Cloud Manager User Registry
        realm: admin/default-idp-1
      - title: Corporate LDAP user registry
        realm: admin/corporate-ldap
    The title value should enable you to determine which identity provider to use; you can then copy the corresponding --realm parameter directly from the displayed realm value. For any identity providers that were created by your administrator after API Connect was installed, the names will have been determined at creation time. The default Cloud Manager Local User Registry for login as a member of the cloud administration organization is default-idp-1.

    For full details of the apic login command, see Logging in to a management server.

  2. Add one or more IP addresses to the allowlist:
    apic --mode portaladmin service-ip-allowlist:add --server management_server --portal_service_name portal --ips "list_of_ips"
    • management_server is the endpoint URL of the management server.
    • portal is the name of the portal service.
    • list_of_ips is a comma-separated list of the IP addresses that you want to add to the allowlist.
    For example:
    apic --mode portaladmin service-ip-allowlist:add --server --portal_service_name my_portal_service --ips "123.456.34.56,123.456.46.67"
    Successfully added IP: 123.456.34.56.
    Successfully added IP: 123.456.46.67.
  3. Delete all of the IP addresses that are currently on the allowlist:
    apic --mode portaladmin service-ip-allowlist:delete --server management_server --portal_service_name portal
  4. List all of the IP addresses that are currently on the allowlist:
    apic --mode portaladmin service-ip-allowlist:list --server management_server --portal_service_name portal
  5. Remove one or more IP addresses from the allowlist:
    apic --mode portaladmin service-ip-allowlist:remove --server management_server --portal_service_name portal --ips "list_of_ips"
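
Because every allowlisted address is exempt from the Developer Portal security checks, it is worth validating the list before it reaches --ips. The following is an added example, not part of the original page or of IBM's tooling: the function names valid_ipv4 and validate_ip_list are hypothetical, and it assumes each entry is a single dotted-quad IPv4 address, as in the page's example.

```shell
#!/bin/sh
# Added example, not IBM code. Assumption: each --ips entry is one dotted-quad
# IPv4 address, as in the page's example; CIDR, hostnames and IPv6 are rejected.

# valid_ipv4 ADDR: return 0 only for a strict dotted-quad IPv4 address.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|.*|*.|*..*|*.*.*.*.*) return 1 ;;  # bad chars, empty or extra fields
        *.*.*.*) ;;                                  # exactly four fields
        *) return 1 ;;
    esac
    _ifs=$IFS; IFS=.
    set -- $1                                        # split into octets
    IFS=$_ifs
    for _o in "$@"; do
        case "$_o" in
            0) ;;                                    # a lone zero is fine
            0*|????*) return 1 ;;                    # leading zero or too long
        esac
        [ "$_o" -le 255 ] || return 1
    done
    return 0
}

# validate_ip_list "ip,ip,...": print the de-duplicated list and return 0, or
# name the first rejected entry on stderr and return 1.
validate_ip_list() {
    case "$1" in
        ""|,*|*,|*,,*) echo "rejected: empty entry" >&2; return 1 ;;
    esac
    _out=""
    _rest=$1,
    while [ -n "$_rest" ]; do
        _ip=${_rest%%,*}                             # next entry
        _rest=${_rest#*,}                            # remainder of the list
        valid_ipv4 "$_ip" || { echo "rejected: '$_ip'" >&2; return 1; }
        case ",$_out," in
            *",$_ip,"*) ;;                           # duplicate, skip
            *) _out=${_out:+$_out,}$_ip ;;
        esac
    done
    printf '%s\n' "$_out"
}

# Constructed sample (RFC 5737 documentation addresses); prints the add command.
ips=$(validate_ip_list "192.0.2.10,192.0.2.11,192.0.2.10") &&
    echo apic --mode portaladmin service-ip-allowlist:add --server management_server \
        --portal_service_name portal --ips "\"$ips\""
```

The page's sample value 123.456.34.56 would be rejected by this check, since 456 is out of range for an octet.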