# API Key IP Whitelisting Policy

To enhance the security of your integrations, Nomsa now supports IP whitelisting for all API keys.

#### For New API Keys (Created on or after June 16)

IP whitelisting is mandatory for all newly generated API keys.

* You must provide at least one valid IPv4 address when creating a new key [visit](/api-guide/overview/generate-your-api-key.md#generate-your-api-key).
* API keys will not be active or usable until a valid IP address is added to the whitelist.

#### &#x20;For Legacy API Keys (Created before June 16)

* Existing (legacy) API keys will continue to function without IP restrictions.
* However, for enhanced security, you are encouraged to manually enable IP whitelisting. [visit](/api-guide/overview/api-key-ip-whitelisting-policy.md#config-ips-for-legacy-key).
* Once IP whitelisting is enabled, the API key will only accept requests from the specified IP addresses.

### IP Whitelisting Rules and Limitations&#xD; Rule Details

| Rule                     | Details                                                       |
| ------------------------ | ------------------------------------------------------------- |
| Format                   | Only **IPv4 addresses** are supported (e.g., `192.168.1.100`) |
| Maximum allowed          | Up to **20 IP addresses per API key**                         |
| Legacy Key Support       | Optional – Can be configured manually                         |
| Duplicate prevention     | Duplicate IPs are not allowed                                 |
| Range support            | CIDR notation and IP ranges are not supported                 |
| Requirement for New Keys | Yes – At least one IP must be added during key generation     |

{% hint style="info" %}
Note: Always update your whitelist when your server IP changes to ensure continued access.
{% endhint %}

### How to Configure IP Whitelist for Legacy API Keys&#xD; <a href="#config-ips-for-legacy-key" id="config-ips-for-legacy-key"></a>

Navigate to API Keys `Settings`  section in your account. Locate your  `Legacy API Keys` and click **`Edit`**, scroll to the **`IP Whitelist`** section. Click **`Add New`** and enter up to **20** IPv4 addresses.  Click **`Update Key`** to save and apply the changes.

<figure><img src="/files/ucqTsj95rXsQDKU9N5m3" alt=""><figcaption></figcaption></figure>

{% hint style="info" %}
Once configured, the legacy API key will accept requests only from the specified IP addresses.
{% endhint %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://guide.nomsa.gov.kh/api-guide/overview/api-key-ip-whitelisting-policy.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.