IP-Based Access Restrictions

July 25, 2022

On this page

Account administrators can turn on a restriction that only users from a whitelisted set of IP addresses are allowed to access Erply. With this feature, employees can be prevented from logging into Erply from home, or from elsewhere outside the company premises.

Users from non-whitelisted IP addresses will still be able to see the login page, but they won’t be able to log in. API authentication requests will return error code 1201.

Exclusions

The following users/applications are always able to access Erply, even if their IPs are not in the whitelist:

  1. Administrators. An administrator is a user who has access to account configuration (including the whitelist itself). This is to prevent lock-out issues.
  2. Certain Erply's own applications, such as webshop sync services. (When you enable the IP-address based restriction, webshop integrations must remain working, without you having to know which IP address this Erply service is currently running on.)

Configuration

There are two settings:

  1. An option to disable or enable the feature.
  2. A list of IP’s that are whitelisted (each entry can also have a comment).

Back office

In back office, the settings are located at Settings > Configuration, under "IP Whitelisting”.

The list of IP’s is a new line separated list. You can add a comment for an entry by adding “#” after the IP followed up by the comment. Note that the comments are optional.

100.10.10.1 # Primary shop
100.10.10.2

Duplicate IP entries will not be saved.

API

Api exposes 2 requests to manage the configuration.

getIPWhitelistSettings

Use this request to get the current configuration.

saveIPWhitelistSettings

Saves new IP whitelist configuration. This data will always overwrite existing settings, meaning that if the saved data does not contain an IP address that is currently configured then that will be removed. It’s recommended to always use the getIPWhitelistSettings prior to saving settings if not sure what settings should be there.

This request requires 2 fields:

  • ipWhitelistEnabled - integer value 0 or 1
  • Ips - String value. Content should be valid json in the following structure. Comments are optional.
[{"ip":"100", "comment":"test"}, {"ip":"102"}]

Server-side applications using Erply API

When you enable the restrictions, you also need to whitelist the IP addresses of all scripts and services that interact with API.

As mentioned above, Erply's first-party integrations and services can be exempted from that requirement. 

  • If you are a member of a team maintaining such an integration, please get in touch with Erply back office team to add your application to the whitelist. Your application must use a partner key for all API calls.
  • If you are an Erply user, and you turn on the restriction and notice that an application outside your control is no longer working, please notify Erply.