It is now possible to protect your API-KEY by associating it with a list of IP
addresses or Domains
authorized to call the API. This can be very useful in Javascript applications where your API-KEY can be visible depending on your applications.
To set this up go to your profile: dashboard.api-football.com/profile?access
You will find here all the IP addresses and Domains that you will have authorized.
To add one, just enter the IP / Domain in the field provided for this purpose and click on ADD. This will take effect immediately.
This works for all the APIs available on the dashboard.
HOW IT WORKS ?
- If you leave it empty, no restrictions will be put in place and any IP address or Domains can call the APIs with your API-KEY.
- In case you add IP addresses / Domains, only these will be able to call the APIs with your API-KEY. If you do not have a complete list of IP addresses / Domains that your application or website can use, it is better to leave these values empty.
If you do not have a complete list of IP addresses / Domains that your application or website can use, it is better to leave these values empty.
Here is an example of the API response if you call the API from an IP address that is not listed :
"get": null,
"parameters": [],
"errors": {
"Ip": "This IP is not allowed to call the API, check the list of allowed IPs in the dashboard."
},
"results": 0,
"response": []