IP Whitelisting adds an extra layer of security to your Payluk account by restricting API access to specific, trusted IP addresses. When IP Whitelisting is enabled, only requests originating from whitelisted IP addresses will be allowed to access Payluk APIs using your secret key.
Any request made from a non-whitelisted IP address will be automatically rejected.
How IP Whitelisting Works
- IP Whitelisting is applied at the API key level
- Only whitelisted IP addresses can make authenticated requests
- Requests from unapproved IPs will fail, even if the API key is valid
- This feature helps prevent unauthorized access if an API key is compromised
Enabling IP Whitelisting
To whitelist an IP address on Payluk:
-
Log in to your Payluk account
👉 https://app.payluk.ng -
Navigate to Account Settings
-
Open the Whitelist IP tab
-
Add the IP address you want to allow
-
Save your changes
Once saved, Payluk will only accept API requests from the whitelisted IP address(es).
Important Notes
- You can whitelist multiple IP addresses
- Both IPv4 and IPv6 addresses are supported
- Changes take effect immediately
- Removing all whitelisted IPs disables IP restriction
Best Practices
- Whitelist only static server IP addresses
- Avoid whitelisting dynamic or residential IPs
- Add IPs for all environments (production, staging, workers)
- Keep at least one trusted IP whitelisted to avoid lockout
Common Issues
- Requests returning
403 Forbiddenmay indicate a non-whitelisted IP - Ensure your server’s outbound IP matches the whitelisted IP
- If using cloud providers, confirm the correct egress IP
IP Whitelisting helps ensure that only authorized systems can interact with your Payluk account, significantly reducing the risk of unauthorized API access.