Create Static IP Rule
Create a new static IP rule that permanently whitelists a specific IP address or CIDR range across one or more resources. The IP rules are applied asynchronously to the specified resources.
Request
POST /static-ip-rules
Authentication
Requires an Admin Bearer JWT token.
Authorization: Bearer <access_token>
Request Body
{
"label": "Office Network",
"ipAddress": "203.0.113.0/24",
"resourceIds": [
"660e8400-e29b-41d4-a716-446655440001",
"770e8400-e29b-41d4-a716-446655440002"
]
}
Request Fields
| Field | Type | Required | Description |
|---|---|---|---|
label | string | Yes | Human-readable label for the rule |
ipAddress | string | Yes | IPv4 or IPv6 address or CIDR range |
resourceIds | UUID[] | Yes | Array of resource IDs to apply the rule to (must be non-empty) |
Response
Returns the created static IP rule object with initial resource application status.
Success Response
Status Code: 201 Created
Response Body:
{
"id": "550e8400-e29b-41d4-a716-446655440000",
"label": "Office Network",
"ipAddress": "203.0.113.0/24",
"status": "PENDING",
"createdByEmail": "[email protected]",
"createdAt": "2026-02-18T10:30:00Z",
"resources": [
{
"resourceId": "660e8400-e29b-41d4-a716-446655440001",
"resourceName": "Production DB Security Group",
"status": "PENDING",
"appliedAt": null,
"errorMessage": null
},
{
"resourceId": "770e8400-e29b-41d4-a716-446655440002",
"resourceName": "API Server Security Group",
"status": "PENDING",
"appliedAt": null,
"errorMessage": null
}
]
}
Response Fields
| Field | Type | Description |
|---|---|---|
id | UUID | Unique identifier for the static IP rule |
label | string | Human-readable label for the rule |
ipAddress | string | IP address or CIDR range (IPv4 or IPv6) |
status | string | Overall status (typically PENDING immediately after creation) |
createdByEmail | string | Email of the user who created the rule |
createdAt | string | ISO timestamp of creation |
resources | array | List of resources where this rule will be applied |
resources[].resourceId | UUID | Resource unique identifier |
resources[].resourceName | string | Human-readable resource name |
resources[].status | string | Application status: PENDING, APPLIED, or FAILED |
resources[].appliedAt | string | ISO timestamp when rule was applied (null if pending) |
resources[].errorMessage | string | Error description if status is FAILED |
Errors
| Status Code | Error Code | Description |
|---|---|---|
400 | BAD_REQUEST | Invalid request body, missing required fields, or invalid IP address format |
401 | UNAUTHORIZED | Missing or invalid JWT token |
403 | FORBIDDEN | User does not have admin privileges |
404 | NOT_FOUND | One or more specified resources do not exist or do not belong to your organization |
422 | UNPROCESSABLE_ENTITY | Invalid IP address format or empty resource list |
Example
Request
curl -X POST https://api.entryguard.io/api/v1/static-ip-rules \
-H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..." \
-H "Content-Type: application/json" \
-d '{
"label": "Office Network",
"ipAddress": "203.0.113.0/24",
"resourceIds": [
"660e8400-e29b-41d4-a716-446655440001",
"770e8400-e29b-41d4-a716-446655440002"
]
}'
Response
{
"id": "550e8400-e29b-41d4-a716-446655440000",
"label": "Office Network",
"ipAddress": "203.0.113.0/24",
"status": "PENDING",
"createdByEmail": "[email protected]",
"createdAt": "2026-02-18T10:30:00Z",
"resources": [
{
"resourceId": "660e8400-e29b-41d4-a716-446655440001",
"resourceName": "Production DB Security Group",
"status": "PENDING",
"appliedAt": null,
"errorMessage": null
},
{
"resourceId": "770e8400-e29b-41d4-a716-446655440002",
"resourceName": "API Server Security Group",
"status": "PENDING",
"appliedAt": null,
"errorMessage": null
}
]
}
Notes
- IP rules are applied asynchronously. Poll the rule status using
GET /static-ip-rules/{id}to monitor application progress. - The rule will persist across resource restarts and will be automatically reapplied if the underlying cloud resources are recreated.
- IPv6 addresses and CIDR ranges are fully supported.