If you want to add an extra layer of security to your gateway, you can define which specific IP addresses or hostnames can access your Control Panel or take certain actions via the API. This is called whitelisting. Once enabled, access will be denied unless the user's IP address or hostname is added to the whitelist.
The whitelist only applies to Control Panel access and server-to-server calls via the API. Any encrypted calls that come straight from the customer’s browser (e.g. requests for payment method nonces using our client SDKs) will not be subject to the whitelist and will be passed to Braintree, regardless of the user’s IP address.
Users with the Edit IP Restrictions role permission can follow these steps to whitelist certain IP addresses or hostnames:
- Log into the Control Panel
- Navigate to Settings > Security > IP and Hostname Restrictions
- Click Edit
- Add IP address or hostname
- Check the boxes to select whether to allow Control Panel access and/or API access
- Click Add Allowed Host
- Repeat steps 4-6 to add any other desired IP addresses or hostnames
- Click Enable Restrictions
You can use wildcard logic to whitelist a range of hostnames under a specific domain, or all IPs within a certain subnet range. For example, adding 127.54.63.* will allow all IP address within the 127.54.63 subnet range. Classless Inter-Domain Routing (CIDR) notation is also supported.
Still have questions?
If you can’t find an answer, contact our Support team