Skip to main content
GET
/
api
/
adm
/
whitelistIP
Validate IP Address
curl --request GET \
  --url https://localhost:44371/api/adm/whitelistIP \
  --header 'Authorization: Bearer <token>'
{
  "success": true,
  "code": 200,
  "errorMessage": null
}

Description

Checks if the provided IP address matches any whitelist entry configured for the specified company or project. When both company ID and project ID are provided, project-level whitelist takes precedence. This endpoint is used to implement IP-based access control as part of a defense-in-depth security strategy.

Input

  • Query Parameters: model (WhitelistIpValidationRequest, required) — Validation request including:
    • companyId (guid, required) — Company identifier.
    • ipAddress (string, required) — IP address to validate (e.g., 192.168.1.100).
    • companyProjectId (guid, optional) — Optional project identifier for project-level validation.

Output

Returns a WhitelistIpValidationResponse containing the validation result (true if IP is whitelisted).

Example Request

GET /api/admin/whitelistIP?companyId=3fa85f64-5717-4562-b3fc-2c963f66afa6&ipAddress=192.168.1.100
Authorization: Bearer {token}

Example Response

{
  "success": true,
  "code": 200,
  "errorMessage": null,
  "result": true
}

Errors

  • 400 Bad Request — Missing required fields (companyId, ipAddress) or invalid IP address format.
  • 404 Not Found — Specified company or project does not exist.
  • 401 Unauthorized — Missing or invalid authentication token.

Notes

  • A successful response with result=false means the IP is NOT whitelisted; access should be denied.
  • IP whitelist supports both individual IPs (192.168.1.100) and CIDR ranges (192.168.1.0/24).
  • Project-level whitelist overrides company-level whitelist when both are configured.
  • If no whitelist is configured, all IPs are typically allowed (check business rules).
  • IP validation should be performed on every API request for proper access control.

Authorizations

Authorization
string
header
required

The access token received from the authorization server in the OAuth 2.0 flow.

Query Parameters

CompanyId
string<guid>

The identifier of the company whose whitelist is being checked.

CompanyProjectId
string<guid> | null

The identifier of the company project whose whitelist is being checked.

IpAddress
string | null

The IP address that should be validated against the whitelist.

Response

Returns the validation result indicating whether the IP is whitelisted. Note that success: true with result: false means the validation completed successfully but the IP is not whitelisted.

Standard response structure containing operation status and error information. Represents the result of validating a whitelist IP address.

success
boolean

True if the operation completed successfully; false if an error occurred.

Example:

true

code
enum<string>

Result code indicating the outcome of the operation.

Available options:
Unknown,
Success,
BadRequest,
Unauthorized,
NotFound,
Error
Example:

200

errorMessage
string | null

Human-readable error message when an error occurs.

Example:

null

result
boolean

Indicates whether the provided IP address is whitelisted.