I use the M2M client credentials flow to enable customers to create their own API keys for the API.
For each API key, the customer can specify an optional IP whitelist. I put the whitelisted IP addresses in app metadata and then use the following Action to check the IP whitelist.
exports.onExecuteCredentialsExchange = async (event, api) => {
  const whitelist = event.client.metadata.ip_whitelist;
  if (whitelist) {
    // Metadata values are strings, e.g. "3.3.4.4, 8.8.8.8": split into entries and
    // compare whole addresses; String.prototype.includes would match substrings
    // (e.g. "13.3.4.41" contains "3.3.4.4").
    const allowed = whitelist.split(',').map((s) => s.trim());
    if (!allowed.includes(event.request.ip)) {
      api.access.deny('invalid_request', 'Access from your IP address is not allowed.');
    }
  }
};
This works for individual IP addresses, i.e., if the client puts 3.3.4.4, 8.8.8.8 in the whitelisted IPs. However, I couldn’t figure out how to support CIDR ranges, i.e., allowing the customer to put in 3.3.4.0/24 as a range.
Any help/suggestions are much appreciated.
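One way to support both single addresses and CIDR ranges in the same comma-separated metadata string, as an added example that is not part of the original post and not Auth0's own code. It assumes the whitelist lives in `event.client.metadata.ip_whitelist` as a string such as `"3.3.4.4, 8.8.8.8, 3.3.4.0/24"`, handles IPv4 only, needs no npm dependency, and fails closed on anything it cannot parse (a malformed entry never grants access, and a non-IPv4 caller such as an IPv6 address is denied). The helper names `ipv4ToInt`, `parseEntry`, `ipInEntry` and `isIpAllowed` are hypothetical.

```javascript
// Added example (not the original poster's or Auth0's code): IPv4 whitelist matching
// that accepts single addresses and CIDR ranges, assuming the whitelist is a
// comma-separated string in event.client.metadata.ip_whitelist.

// Parse a dotted-quad IPv4 string into an unsigned 32-bit number, or null if malformed.
// Kept as a plain Number (not |0) so values above 2^31 stay positive.
function ipv4ToInt(ip) {
  if (typeof ip !== 'string') return null;
  const parts = ip.trim().split('.');
  if (parts.length !== 4) return null;
  let value = 0;
  for (const p of parts) {
    if (!/^\d{1,3}$/.test(p)) return null;
    const octet = Number(p);
    if (octet > 255) return null;
    value = value * 256 + octet;
  }
  return value;
}

// Parse "a.b.c.d" (treated as /32) or "a.b.c.d/n" into { base, prefix }, or null if malformed.
function parseEntry(entry) {
  const parts = entry.trim().split('/');
  if (parts.length > 2) return null;
  const base = ipv4ToInt(parts[0]);
  if (base === null) return null;
  let prefix = 32;
  if (parts.length === 2) {
    if (!/^\d{1,2}$/.test(parts[1])) return null;
    prefix = Number(parts[1]);
    if (prefix > 32) return null;
  }
  return { base, prefix };
}

// True when ipInt falls inside the entry: both addresses share the top `prefix` bits,
// i.e. they land in the same block of 2^(32 - prefix) addresses. Using integer division
// instead of bit masks avoids JavaScript's signed 32-bit bitwise arithmetic.
function ipInEntry(ipInt, entry) {
  const parsed = parseEntry(entry);
  if (parsed === null) return false; // malformed whitelist entries never grant access
  const blockSize = 2 ** (32 - parsed.prefix);
  return Math.floor(ipInt / blockSize) === Math.floor(parsed.base / blockSize);
}

// Check a caller IP against the comma-separated whitelist string.
function isIpAllowed(ip, whitelist) {
  const ipInt = ipv4ToInt(ip);
  if (ipInt === null) return false; // IPv6, empty or garbage: deny
  return whitelist
    .split(',')
    .map((s) => s.trim())
    .filter(Boolean)
    .some((entry) => ipInEntry(ipInt, entry));
}

// The Action handler, with the same deny message as the original post.
const onExecuteCredentialsExchange = async (event, api) => {
  const whitelist = event.client.metadata && event.client.metadata.ip_whitelist;
  if (whitelist && !isIpAllowed(event.request.ip, whitelist)) {
    api.access.deny('invalid_request', 'Access from your IP address is not allowed.');
  }
};

// Registered the way Auth0 Actions expect; guarded so the file also loads as an ES module.
if (typeof exports !== 'undefined') {
  exports.onExecuteCredentialsExchange = onExecuteCredentialsExchange;
}
```

With the whitelist `"3.3.4.4, 8.8.8.8, 3.3.4.0/24"`, a request from `3.3.4.77` is allowed by the /24 entry, `3.3.5.1` is denied, and `13.3.4.41` is denied even though it contains `3.3.4.4` as a substring. Entries such as `3.3.4.4/33` or `1.2.3` are ignored rather than treated as a wildcard.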