The latest articles on DEV Community by Firstclasspostcodes (@firstclasspostcode). https://dev.to/firstclasspostcode https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Forganization%2Fprofile_image%2F2725%2F84ce7c4e-3519-454f-a1be-eb9f4e5640b3.png https://dev.to/firstclasspostcode en David Kelley Tue, 21 Jul 2020 15:13:24 +0000 https://dev.to/firstclasspostcode/controlling-access-to-your-api-key-2fgi https://dev.to/firstclasspostcode/controlling-access-to-your-api-key-2fgi <p>The Firstclasspostcodes <a href="https://dashboard.firstclasspostcodes.com">dashboard</a> provides you with a number of security controls that help restrict access with your API key.</p> <h2> Enabled Operations </h2> <p>Today, we're releasing this to all of our customers! We've heard feedback from our customers asking us to provide a mechanism to disable operations that aren't required for their use cases, such as Geolocation Lookup; this can help to prevent accidental usage.</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--BdK8GuH3--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/h7i3n7urgh2gng8n88ls.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--BdK8GuH3--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/h7i3n7urgh2gng8n88ls.png" alt="A view of security mechanisms"></a></p> <p>Let's also review all of the other ways we help to secure your API key.</p> <h2> Whitelisted domains </h2> <p>You can control access to your API key by whitelisting domains that you'll be using the API key on. For example, if your website lives on <code>https://e-shop.com</code>, you can restrict access by setting <code>e-shop.com</code> as a whitelisted domain.</p> <p>This would prevent access to your API key for requests originating from any domain other than <code>e-shop.com</code>. </p> <p>We also allow you to use wildcard subdomains, so feel free to provide <code>*.e-shop.com</code> too.</p> <h2> Whitelisted IPs </h2> <p>If you're integrating with our API from the back-end, you can provide whitelisted IPs and CIDR ranges to restrict access to your API key from any requests not matching that IP or address range.</p> <p>We're also working on a mechanism to limit the number of requests that can be sent for a specific operation within a billing period.</p>