IP Lists

This Public Stable API can get, create, update, and delete IP lists.

IP lists can be used in rules to define sets of trusted IP addresses, IP address ranges, or CIDR blocks allowed into your data center to access workloads in your network.

IP Lists API

Functionality	HTTP	URI
Get a collection of IP lists	`GET`	`[api_version][org_href]/sec_policy/draft/ip_lists`
Get an individual IP list	`GET`	`[api_version][ip_list_href]`
Get a list of IP List attributes.	`GET`	`[api_version][org_href]/ip_list_attributes`
Create an IP list	`POST`	`[api_version][org_href]/sec_policy/draft/ip_lists`
Create a list of IP attributes.	`POST`	`[api_version][org_href]/ip_list_attributes`
Update an IP list	`PUT`	`[api_version][ip_list_href]`
Upsert IP lists in bulk via CSVs.	`PUT`	`[api_version][org_href]/sec_policy/ip_lists_bulk_upload`
Delete an IP list	`DELETE`	`[api_version][ip_list_href]`

Active vs Draft

This API operates on provisionable objects, which exist in either a draft (not provisioned) state or an active (provisioned) state.

Provisionable items include label groups, services, rulesets, IP lists, virtual services, firewall settings, enforcement boundaries, and virtual servers. For these objects, the URL of the API call must include the element called :pversion, which can be set to either draft or active.

Depending on the method, the API follows these rules:

For GET operations — :pversion can be draft, active, or the ID of the security policy.
For POST, PUT, DELETE — :pversion can be draft (you cannot operate on active items) or the ID if the security policy.

Get IP Lists

This API allows you to get an organization's collection of IP lists or a single IP list.

By default, the maximum number returned on a GET collection of IP lists is 500. If you want to get more than 500 IP lists, use Asynchronous GET Collections.

URI to Get Collection of IP Lists

GET [api_version][org_href]/sec_policy/draft/ip_lists

URI to Get an Individual IP List

GET [api_version][ip_list_href]

Create an IP List

This API allows you to create IP lists (allowlists) that can be used to create rules in rulesets. An IP list can contain a single IP address or an IP address range.

Warning

Please be aware of the following:

0.0.0.0/0 means 0-255 . 0-255 . 0-255 . 0-255 or all possible IP addresses.

0.0.0.0 without the trailing "/0", means a single IP (not ANY IP). This is a rare but sometimes needed object, specifically for DHCP Discovery.

0.0.0.0, when used improperly, might trigger an error, prevent the list from being accepted, and consequently block traffic.

Use the correct syntax for the intended purpose.

URI to Create an IP List

POST [api_version][org_href]/sec_policy/draft/ip_lists

Bulk Upload of IP Lists

This API allows customers to upsert IP lists in bulk via CSVs.

{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "description": "IpList bulk_update",
  "type": "array",
  "maxItems": 1000
}

Non-Corporate Public IP Addresses

The API sec_policy/rule_coverage supports non-domain interfaces.

Table 7. Security Policy Rule Coverage

Security Principals Methods	HTTP	URI
Get Security Principals	`POST`	`[api_version][org_href]/sec_policy/rule_coverage`

Illumio REST APIs 25.4