Loading

Is it possible to Allowlist Domain instead of IP in API Manager Policies ?

Publish Date: Jul 25, 2025
Steps

QUESTION

Is it possible to Allowlist Domain instead of IP in API Manager Policies ?

ANSWER

In API Manager, we can only whitelist the IPs using IP allowlist policy. There is no OOTB policy available which allows users to whitelist the domain names.

ADDITIONAL INFORMATION

To whitelist domains in API Manager, you can achieve this functionality by combining existing policies. Here's a general approach you can follow:

1. Create a custom policy: You can create a custom policy that inspects the incoming request and checks the domain against a predefined whitelist. Refer policies-custom-getting-started

2. Apply the custom policy: Apply the custom policy to your API implementation in API Manager. Refer policies-custom-flex-getting-started

3. Implement domain whitelist logic: Within the custom policy, you can write the logic to extract the domain from the incoming request and compare it against the whitelist. If the domain is found in the whitelist, allow the request to proceed; otherwise, reject or block the request. Refer policies-custom-package and policies-custom-upload-to-exchange

4. Customize error responses: If a request is rejected due to an unauthorized domain, you can customize the error response returned to the client.


Note: Mulesoft Support would not be able to provide assistance to develop the custom policy.
Knowledge Article Number

001116102

 
Loading
Salesforce Help | Article