Restrict API access by IP address

Restrict access to the Sigma API for your organization by adding IP addresses to an allowlist. When you enable the allowlist and add IP addresses or IP address ranges using CIDR notation, only users making requests from allowed IP addresses can make successful API requests.

📘

If you use a proxy server or VPN to access the internet, talk to your network team before adding IP addresses.

Requirements

You must be assigned the Admin account type.

Add IP addresses to the allowlist

To restrict access to the public Sigma API endpoints, add IP addresses to an allowlist:

  1. Open the Admin Portal by selecting Administration in the user menu at the top right of your screen.

  2. In the left panel, select Authentication.

  3. In the IP address section, turn on the Restrict switch to enable the allowlist.

  4. Select Enable to confirm that you want to start using the allowlist.

    📘

    By default, the allowlist includes an IPv4 address and an IPv6 range to permit access from the public internet: 0.0.0.0 and ::/0.

  5. Add an IP address or range:

    1. In the IP address section, select Add.
    2. In the Add IP modal, add one or more IP addresses or ranges at a time:
      1. To add one IP address or IP address range using CIDR notation to the allowlist, for IP address or CIDR range, enter the IP or range. Optionally add a description.
      2. To add a comma-separated or space-separated list of IP addresses or IP address ranges using CIDR notation, turn on the Bulk add IPs switch and enter the list in the text box.
    3. Click Save.
  6. To add more IP addresses or ranges, select Add. You can add up to 200 addresses or CIDR ranges in total.

  7. After you finish adding IP addresses and ranges to the allowlist, remove the default IP address and range:

    1. Search for 0 or locate the default IP address and range in the list.
    2. For each IP that you want to remove, select More > Remove.

The allowlist takes effect within a few minutes. Any new IP address added after enabling the allowlist also takes effect within a few minutes.