If you want to add an extra layer of security to your gateway, you can define which specific IP addresses or hostnames can access your Control Panel or take certain actions via the API. This is called whitelisting. Once enabled, access will be denied unless the user's IP address or hostname is added to the whitelist.

note

Braintree does not currently offer the option to blacklist – or block – specific IP addresses or hostnames.

The whitelist only applies to Control Panel access and server-to-server calls via the API. Any encrypted calls that come straight from the customer’s browser (e.g. requests for payment method nonces using our client SDKs) will not be subject to the whitelist and will be passed to Braintree, regardless of the user’s IP address.

Enabling IP and hostname restrictions

Users with the Edit IP Restrictions role permission can follow these steps to whitelist certain IP addresses or hostnames:

  1. Log into the Control Panel
  2. Navigate to Settings > Security > IP and Hostname Restrictions
  3. Click Edit
  4. Add IP address or hostname
  5. Check the boxes to select whether to allow Control Panel access and/or API access
  6. Click Add Allowed Host
  7. Repeat steps 4-6 to add any other desired IP addresses or hostnames
  8. Click Enable Restrictions
important

If you give an IP address or hostname access to only the Control Panel or only the API, it will block access to the other. We always recommend testing in the sandbox before implementing whitelisted IP addresses or hostnames in production.

Wildcards and CIDR notation

You can use wildcard logic to whitelist a range of hostnames under a specific domain, or all IPs within a certain subnet range. For example, adding 127.54.63.* will allow all IP address within the 127.54.63 subnet range. Classless Inter-Domain Routing (CIDR) notation is also supported.

Still have questions?

If you can’t find an answer, contact our Support team.


← Back to Previous Page