Security

In this article:

IP Filtering
User Agents
Authentication
Protocols

IP Filtering

When creating a new API Client, it is possible to set up IP filtering using CIDR blocks. This enables the licence administrator to only allow access from IP addresses within a certain range.

Example

The WISEflow production environment uses multiple IP addresses for communication, one of them being:

52.212.206.254

If I want to add an IP filter that only allows a single IP, use /32 as a suffix:

52.212.206.254/32

This indicates that all the 32 bits in the IP address are fixed.

Similarly, to add a range of seven IP addresses to a filter, use the /29 suffix indicating an IP range:

52.212.206.248
52.212.206.249
52.212.206.250
52.212.206.251
52.212.206.252
52.212.206.253
52.212.206.254

This indicates that only 29 bits in the IP address are fixed, providing a range of seven IP addresses that can be used. The same principle applies to subnets.

Calculating CIDR blocks: https://www.ipaddressguide.com/cidr

Wikipedia article on CIDR: https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing

User Agents

To prevent spam traffic and bad bots from using the WISEflow API, the following User Agents are blocked and user agent matching is enforced:

https://github.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/blob/master/_generator_lists/bad-user-agents.list

https://github.com/Kong/kong/blob/master/kong/plugins/bot-detection/rules.lua

If you encounter any issues while using WISEflow API, please contact the UNIwise Support Team.

Authentication

We recommend using OAuth 2.0 Client Credentials. This ensures that access tokens are securely rotated.

Read more about authenticating with the API here.

Protocols

WISEflow API is only available through the use of HTTPS.