# IP Restrictions

To enhance security, the Bermuda Commercial Bank RESTful Open Banking API supports **IP address whitelisting**. This ensures that only requests originating from approved IP addresses are permitted.

## 🔐 How It Works

When IP restrictions are enabled, only calls originating from **authorized IP addresses** can access the API. Any request from an unapproved source will be blocked automatically.

## ⚙️ Configuring IP Restrictions

You can configure IP restrictions by submitting a list of allowed IP addresses during your API client setup.

- Multiple IPs or CIDR blocks can be registered.
- Any request from an IP not on the list will be rejected.


If a request is made from a non-authorized IP address, the API will respond with a **403 Forbidden** error.

## ❌ Example Error Response


```json
{
  "error": "IP address not allowed"
}
```