IP Lists

This PubIic Stable API can get, create, update, and delete IP lists.

IP lists can be used in rules to define sets of trusted IP addresses, IP address ranges, or CIDR blocks allowed into your data center that are allowed to access workloads in your network.

IP Lists API

Functionality	HTTP	URI
Get a collection of IP lists	`GET`	`[api_version][org_href]/sec_policy/draft/ip_lists`
Get an individual IP list	`GET`	`[api_version][ip_list_href]`
Create an IP list	`POST`	`[api_version][org_href]/sec_policy/draft/ip_lists`
Update an IP list	`PUT`	`[api_version][ip_list_href]`
Delete an IP list	`DELETE`	`[api_version][ip_list_href]`

Active vs Draft

This API operates on provisionable objects, which exist in either a draft (not provisioned) state or an active (provisioned) state.

Provisionable items include label groups, services, rulesets, IP lists, virtual services, firewall settings, enforcement boundaries, and virtual servers. For these objects, the URL of the API call must include the element called :pversion, which can be set to either draft or active.

Depending on the method, the API follows these rules:

For GET operations — :pversion can be draft, active, or the ID of the security policy.
For POST, PUT, DELETE — :pversion can be draft (you cannot operate on active items) or the ID if the security policy.

Get IP Lists

This API allows you to get a collection of IP lists or a single IP list from an organization.

By default, the maximum number returned on a GET collection of IP lists is 500. If you want to get more than 500 IP lists, use Asynchronous GET Collections.

URI to Get Collection of IP Lists

GET [api_version][org_href]/sec_policy/draft/ip_lists

URI to Get an Individual IP List

GET [api_version][ip_list_href]

Create an IP List

This API allows you to create IP lists (allowlists) that can be used to create rules in rulesets. An IP list can contain a single IP address or an IP address range.

Warning

Please be aware of the following:

0.0.0.0/0 means 0-255 . 0-255 . 0-255 . 0-255 or all possible IP addresses.

0.0.0.0 without the trailing "/0", means a single IP (not ANY IP). This is a rare but sometimes needed object, specifically for DHCP Discovery.

0.0.0.0, when used improperly, might trigger an error, prevent the list from being accepted, and consequently block traffic.

Use the correct syntax for the intended purpose.

URI to Create an IP List

POST [api_version][org_href]/sec_policy/draft/ip_lists

IP Lists Reference

This topic provides properties, parameters, and examples for IP lists.

Query parameters and properties for IP lists

Parameter	Description	Type	Required
`org_id`	Organization	Integer	Yes
`pversion`	Security Policy Version	String	Yes
`description`	Description of IP list(s) to return. Supports partial matches	String	No
`external_data_set`	The data source from which the resource originates. For example, if this workload information is stored in an external database.	String	No
`external_data_reference`	A unique identifier within the external data source. For example, if this workload information is stored in an external database.	String	No
`ip_address`	IP address matching the IP lists to return. Supports partial matches.	String	No
`fqdn`	IP lists matching FQDN. Supports partial matches	String	No
`max_results`	The maximum number of results you want to return when using the GET method. The maximum limit for returned IP lists is 500.	Integer	No
`name`	Name of IP list(s) to return. Supports partial matches	String	No
`ip_list_id`	IP list ID (for `[api_version][ip_list_href]`	String	Yes
`ip_list_attribute`	`GET`: Allow filtering IP Lists that have an attribute assigned. `POST`: Specify which attribute should be linked to an IP List. `PUT`: Specify which attribute should be linked to an IP List.	String	No

REST APIs 25.1 Developer Guide