Skip to main content

Authorized IP Access Control

🔒 The Koncili API features an additional IP-based security mechanism, ensuring that only previously authorized addresses can perform authenticated calls.

Each gumgaToken is linked to an allowlist of authorized IPs, and only these addresses are permitted to consume resources from the /externalapi/ endpoint.

Retrieve Authorized IPs

Returns all registered and enabled IPs for the current gumgaToken.
Only the listed IPs are permitted to perform API calls.

Authorize New IP

Registers a new IP for the provided access token, enabling its use within the API.
Once registered, the specified IP gains immediate permission to access protected API endpoints.

Remove Authorized IP

Removes a previously authorized IP, disabling its access to the API.
Upon removal, the IP will no longer have API access, even if it continues to use the same gumgaToken.

⚙️ Best Practices

Always keep the registry of active IPs up to date.
Remove addresses that are no longer in use.
If your integration environment uses dynamic IPs, please contact erp@koncili.com for guidance on exceptions.

Retrieve Authorized IPs
Authorize New IP
Remove Authorized IP
⚙️ Best Practices