Set the org's IP-allowlist + session-security policy

PUT /api/v1/organizations/current/security-policy

Configure IP allowlist + session security. Admin/owner only.

Enabling the IP allowlist (ip_allowlist_enabled=true) is admission-gated behind release_session_policy (404 when off) and requires at least one valid CIDR block. Each entry is normalized to canonical CIDR form; a malformed entry is a 400. Disabling is always allowed.

Self-lockout protection: when the allowlist is enabled, the admin making the change must be calling from an IP that the new allowlist admits. Otherwise the change would immediately lock the configuring admin (and every other admin on that network) out of the org. Such a request is rejected with a 422 so the misconfiguration never lands.
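The checks described above, sketched as an added example for pre-validating a policy change on the client side; this is not the service's own code. `PolicyError`, `normalize_allowlist`, `caller_address`, `validate_policy_change`, the `ip_allowlist` key, the masking of host bits, and the 400 for an empty list are assumptions; the addresses are constructed documentation ranges.

```python
import ipaddress

class PolicyError(Exception):
    """Carries the HTTP status the endpoint would return."""
    def __init__(self, status, detail):
        super().__init__(detail)
        self.status = status

def normalize_allowlist(entries):
    """Canonicalize each entry; a malformed entry is a 400."""
    out = []
    for raw in entries:
        try:
            # Assumption: host bits are masked rather than rejected,
            # so 203.0.113.7/24 becomes 203.0.113.0/24.
            net = str(ipaddress.ip_network(raw.strip(), strict=False))
        except (ValueError, AttributeError):
            raise PolicyError(400, f"malformed CIDR entry: {raw!r}")
        if net not in out:
            out.append(net)
    return out

def caller_address(caller_ip):
    """Parse the caller IP, unwrapping IPv4-mapped IPv6 (::ffff:a.b.c.d)."""
    addr = ipaddress.ip_address(caller_ip)
    return getattr(addr, "ipv4_mapped", None) or addr

def validate_policy_change(enabled, entries, caller_ip, flag_on):
    if not enabled:
        return {"ip_allowlist_enabled": False}  # disabling is always allowed
    if not flag_on:
        raise PolicyError(404, "release_session_policy is off")
    allowlist = normalize_allowlist(entries)
    if not allowlist:
        # Assumption: the page requires one valid block but names no status.
        raise PolicyError(400, "at least one CIDR block is required")
    addr = caller_address(caller_ip)
    # ipaddress treats an IPv4/IPv6 version mismatch as "not contained".
    if not any(addr in ipaddress.ip_network(n) for n in allowlist):
        raise PolicyError(422, f"{addr} is not admitted by the new allowlist")
    # "ip_allowlist" is a hypothetical field name for the normalized list.
    return {"ip_allowlist_enabled": True, "ip_allowlist": allowlist}
```

Behind a proxy or load balancer, the address to test is the one the service itself will see for the request, which may differ from the workstation's local address.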

Request

Responses

Successful Response