Controlling access to HCP through the management API
You configure HCP to enable and disable the HCP management API and to control access to the API at both the system level and the tenant level.
To allow system-level users to access the management API for the HCP system to create, modify, and delete tenants and manage replication, the API must be enabled at the system level. To allow tenant-level and system-level users with administrative access to a specific HCP tenant to access the management API for that tenant, the API must be enabled at both the system and tenant levels.
You can access the HCP management API using a system-level URL (that is, a URL that starts https://admin...) only if at least one of your client IP addresses is allowed to access the management API for the HCP system. You can access the HCP management API using a tenant-level URL (that is, a URL that starts https://tenant-name...) only if at least one of your client IP addresses is allowed to access the management API for the HCP tenant specified in the URL.
You use the Management API page in the HCP System Management Console to enable the HCP management API at the system level and to configure HCP to control access to the management API for the HCP system. To display this page, in the top-level menu of the System Management Console, select
.Enabling the HCP management API
You can enable the HCP management API at the system level and configure HCP to control access to the management API for the HCP system, on the Management API page.
Before you begin
Procedure
Go to the Management API Settings section.
Select Enable the management API.
Click Update Settings.
Specifying IP addresses to be allowed access to HCP
You can specify IP addresses to be allowed access to HCP through the management API.
Before you begin
Procedure
Click the Allow tab.
Follow the instructions in Adding and removing entries in Allow and Deny lists.
Specifying IP addresses to be denied access to HCP
You can specify IP addresses to be denied access to HCP through the management API.
Before you begin
Procedure
Click the Deny tab.
Follow the instructions in Adding and removing entries in Allow and Deny lists.
To specify how HCP should handle access requests from IP addresses that appear in both or neither of the Allow and Deny lists, select or deselect Allow request when same IP is used in both lists. Changes to this option take effect immediately.