Startbutton Product API
  • Startbutton API doc
    • Get Started
    • Accept Payments
    • Server-to-Server Integration
      • S2S Integration for Virtual Accounts
        • S2S Virtual account (NGN)
        • S2S Virtual account (GHS)
        • S2S EFT (ZAR)
      • S2S Integration for Mobile Money
        • S2S MoMo (KES and GHS)
        • S2S MoMo (TZS and UGX)
        • S2S MoMo (RWF)
        • S2S MoMo XOF and XAF
    • Re-charge Card
    • Subscriptions
    • Payment Links
    • Currency Conversion
    • Get Wallet Balance
    • Transfer
      • Bank List
    • Security Measures.
      • IP Whitelisting
    • Webhook
    • Transaction Status
    • Get FX Rate
    • Under and Overpayments
    • Refunds
      • Refund Transaction Status (TSQ)
    • Available Currencies
    • FAQs
  • Advanced Security
    • Signed Payload for Transfer Requests.
Powered by GitBook
On this page
  1. Startbutton API doc
  2. Security Measures.

IP Whitelisting

This security feature limits access to a system or network exclusively to approved IP addresses. By rejecting requests from non-whitelisted IPs, it enhances protection against unauthorized access.

To Get Started:

Authorization
Set value to Bearer {{MERCHANT_AUTH_TOKEN}}

Content-type

Set value to application/json

To generate {{MERCHANT_AUTH_TOKEN}}; Log in to your account via the API.

Make a request to the URL below, where the base URL is determined by the environment you are on.

BaseUrls

PROD : https://api.startbutton.tech

DEV/ Staging: https://api-dev.startbutton.tech

PATCH {{baseUrl}}/merchant/ip-whitelist/configure

Add your IP(s) to be whitelisted just as in the sample request below.

{
    "whitelistedIps": ["127.0.0.1"],
    "password": "@mypassword"
}
{
    "success": true,
    "message": "Whitelisted IPs updated successfully",
    "data": {
                [ ]
            }
  {
        "whitelistedIps": [
            "127.0.0.1"
        ],
    }
}

NOTE: Once you whitelist your IP, the system validates the IP address in your request for all endpoints that require a PRIVATE/SECRET_KEY Authorization. If it's invalid, the request will Fail.

If a request is made with a non-whitelisted IP address you get the response below:

{
    "message": "Access denied: IP not whitelisted",
    "success": false
}
PreviousSecurity Measures.NextWebhook

Last updated 2 months ago