If you want to add an extra layer of security, you can define which specific IP addresses or hostnames can access your Control Panel or take certain actions via the API. This is called whitelisting. Once enabled, access will be denied unless the user's IP address or hostname is added to the whitelist.

A whitelist is not the same as a blacklist. Here’s an easy way to think of it:

Whitelist – only these things
Blacklist – everything but these things

Braintree does not offer the option to blacklist IP addresses or hostnames at this time.

The whitelist only applies to Control Panel access and server-to-server calls via the API. Any encrypted calls that come straight from the customer’s browser (e.g. when obtaining a nonce with our SDKs) will not be subject to the whitelist and will be passed to Braintree, regardless of the customer’s IP address.

Enabling IP and hostname restrictions

  1. Log into the Control Panel
  2. Navigate to Settings > Security > IP and Hostname Restrictions
  3. Click Edit
  4. Add IP address or hostname
  5. Select whether to allow Control Panel access and/or API access
  6. Click Add Allowed Host
  7. Repeat steps 4-6 to add any other desired IP addresses or hostnames
  8. Click Enable Restrictions
important

If you give an IP address or hostname access to only the Control Panel or only the API, it will completely block access to the other. We always recommend testing in the sandbox before implementing whitelisted IP addresses or hostnames in production.

Still have questions?

If you can’t find an answer, contact our Support team.


← Back to Previous Page