DEV Community

David Kelley for Firstclasspostcodes

Posted on

Controlling access to your API Key

The Firstclasspostcodes dashboard provides you with a number of security controls that help restrict access with your API key.

Enabled Operations

Today, we're releasing this to all of our customers! We've heard feedback from our customers asking us to provide a mechanism to disable operations that aren't required for their use cases, such as Geolocation Lookup; this can help to prevent accidental usage.

A view of security mechanisms

Let's also review all of the other ways we help to secure your API key.

Whitelisted domains

You can control access to your API key by whitelisting domains that you'll be using the API key on. For example, if your website lives on https://e-shop.com, you can restrict access by setting e-shop.com as a whitelisted domain.

This would prevent access to your API key for requests originating from any domain other than e-shop.com.

We also allow you to use wildcard subdomains, so feel free to provide *.e-shop.com too.

Whitelisted IPs

If you're integrating with our API from the back-end, you can provide whitelisted IPs and CIDR ranges to restrict access to your API key from any requests not matching that IP or address range.


We're also working on a mechanism to limit the number of requests that can be sent for a specific operation within a billing period.

Top comments (0)