How to allow/deny list of IPs per user

This document describes the steps for setting up allow/deny lists of IPs per user using Firebolt’s REST API. This is a temporary API that will be replaced with SQL in the future.

In order to set up allow/deny lists of IPs per user, follow these steps:

  1. Receive a token for your user. The user should have an account admin role in the needed account:

    curl --location --request POST ''\--header 'Content-Type: application/json' \--data-raw '{    "password": "<password>",    "username": "<email>"}'
  1. Get the id of your account:

curl '<ACCOUNT_NAME>'--header 'Authorization: Bearer <TOKEN>'

    and the id of the user for which you want to set up the IP allow/deny list:

  • Get all user ids for your account first:

curl '<ACCOUNT_ID>/accountMembers'--header 'Authorization: Bearer <TOKEN>'
  • Get all users data:

curl --request POST '' \--header 'Content-Type: application/json' \--header 'Authorization: Bearer <TOKEN>' \--data-raw '{    "user_ids": ["<USER_ID1>", "<USER_ID2>", ...]}'

The response contains a list of all users which can be filtered by email or any other user data to get the id of the specific user.    

  1. Set IP allow/deny lists for a given user. For example to allow access from, use the below request:

curl --request PATCH '<account_id>/accountMembers/<user_id>:setIPAllowDenyLists' \--header 'Content-Type: application/json' \--header 'Authorization: Bearer <token>' \--data-raw '{    "allow_list": [""],    "deny_list": []}'

You can also use the CIDR notation instead of a single IP:

curl --request PATCH '<account_id>/accountMembers/<user_id>:setIPAllowDenyLists' \--header 'Content-Type: application/json' \--header 'Authorization: Bearer <token>' \--data-raw '{    "allow_list": [""],    "deny_list": []}'

Every request will overwrite existing allow/deny lists. To change the lists, you need to get the existing ones first by getting user data, updating them, and sending the request.    

Fetch user data:

curl '<user_id>' \--header 'Content-Type: application/json' \--header 'Authorization: Bearer <token>'

  The response looks like this:

{    "user": {        "id": "87983b73-73a3-4594-889e-d879422cdcd9",        ...        "ip_allow_list": [""],        "ip_deny_list": []    }}

  • To clear both settings, you must set both lists as empty:

curl --request PATCH '<account_id>/accountMembers/<user_id>:setIPAllowDenyLists' \--header 'Content-Type: application/json' \--header 'Authorization: Bearer <token>' \--data-raw '{    "allow_list": [],    "deny_list": []}'