If you want to add an extra layer of security, you can define which specific IP addresses or hostnames can access your Control Panel or take certain actions via the API. This is called whitelisting. Once enabled, access will be denied unless the user's IP address or hostname is added to the whitelist.
The whitelist only applies to Control Panel access and server-to-server calls via the API. Any encrypted calls that come straight from the customer’s browser (e.g. when obtaining a nonce with our SDKs) will not be subject to the whitelist and will be passed to Braintree, regardless of the customer’s IP address.
- Log into the Control Panel
- Navigate to Settings > Security > IP and Hostname Restrictions
- Click Edit
- Add IP address or hostname
- Select whether to allow Control Panel access and/or API access
- Click Add Allowed Host
- Repeat steps 4-6 to add any other desired IP addresses or hostnames
- Click Enable Restrictions