# IP Access Control
IP Access Control is used to deny specific users or API calls from accessing resources in a group. This is done by applying rules based on IPv4 or IPv6 addresses, similar to configuring access lists on a router.

IP Access control would typically be implemented if you want to prevent all users or specific users from accessing documents outside of their assigned place of work.

{% callout type="note" title="Note" %}Xtracta does not have the capability to detect the use of VPNs{% /callout %}

**IP Access Control**  is accessed from the admin page using Admin ---> IP Access Control:

{% customImage src="/api/serve/admin-ip-access-1761871766833-l3arw.png" alt="admin-ip-access-1761871766833-l3arw" /%}

Click Add New Rule to configure a restriction:

{% customImage src="/api/serve/ip-access-addrule-1761871872374-cvxjr.png" alt="ip-access-addrule-1761871872374-cvxjr" /%}

Choose a rule for specific users or for API Keys. For specific users, there are two rules to follow:
- The user must be assigned to the group (Users that are not assigned to the group, by default, do not have access)
-  Administrators cannot be restricted. If you have a user that is an administrator but you want to restrict their access, you must first change them to be a general user in the group. Users can be administrators in one group and general users in others.

## Configure the User Restriction rule
First, create the deny all IP Address rules for the user for all IPv4 addresses. You can select all IP address or specific IP addresses. Similarly, you can all users or specific users. 

{% customImage src="/api/serve/ip-access-deny-1761872391586-nm47q9.png" alt="ip-access-deny-1761872391586-nm47q9" /%}
Save the rule, then add a similar rule for IPv6. Finally, add an allow rule. Once all three are saved, it will look similar to this:

{% customImage src="/api/serve/ip-rules-1761873288243-mmruw4.png" alt="ip-rules-1761873288243-mmruw4" /%}

{% callout type="note" title="Note" %}
Rules are processed in order displayed. Once an allow rule is found that is applicable, the user will be permitted access.
{% /callout %}

If the user attempts to access the workflow, all links in the workflow are removed and they will receive this message:

{% customImage src="/api/serve/ip-access-blocked-1761873406440-bppsl.png" alt="ip-access-blocked-1761873406440-bppsl" /%}
Or this message depending on the menu page they are on:

{% customImage src="/api/serve/ip-403-error-1761874534986-qpgce9.png" alt="ip-403-error-1761874534986-qpgce9" /%}

## Configure API Key restrictions

Restrictions for API keys are applied in the same manner as those rules for a user. In this example, the group has two API keys:

{% customImage src="/api/serve/ip-access-api-keys-1761874113396-p1d5t9.png" alt="ip-access-api-keys-1761874113396-p1d5t9" /%}

If an API key that is denied access is used, the API response will be:

{% customImage src="/api/serve/ip-api-403-error-1761875843564-prp9w4.png" alt="ip-api-403-error-1761875843564-prp9w4" /%}

{% callout type="note" title="Note" %}
It is recommended to account for both IPv4 and IPv6 addresses in the rules.
{% /callout %}

IP Access Control

Logging In

Overview

Home Page

Supported Languages

Get started

My Account

Workflow Overview

Uploading Documents

ELS Overview

Splitting Pages

Engine Learning Screen

New ELS Overview

Edit Document and Pages

Change Field Highlight Color

Learn & Extract

Learn & Extract (Previously Auto Line Extraction )

New Engine Learning Screen (New ELS)

User Manual

Get Document(s)

Update Document

Upload Document

Open Document UI

Open Document Upload UI

Open Reassign Pages

Documents

Get Tracking

Update Tracking Status

Tracking

Open Dashboard

Open Tracking Dashboard

Dashboard

Get Databases

Update Column

Add Database

Update Database

Delete Database

Get Columns

Add Column

Get Data

Delete Column

Add Data

Update Data

Delete Data

Database

Provisioning

Open Billing UI

Get Billing History

Get Plans

Get Usage

Order Pack

Renew/Upgrade/Downgrade Plan

Billing

Get Workflow

Update Workflow

Add Workflow from Template

Clone Workflow

Workflow

Add Group

List Group

Delete Group

Group

Get User

Add User

Update User

Delete User

Get Login Token

Authorize

User

Announcements

API Manual

Billing Settings

General Settings

Groups

OCR Override

Time Alerts

Confidence

Extraction & Classification

Clone a workflow

Reassignment / Output Non-API

Conditions

Permissions

Auto Deletion

AI Data Transformation

Fields

Transformation Order

Advanced Transformation

Workflow Details

Strip & Replace Rules

Creating a workflow

Input & Document Flow

Extraction Helper

Advanced Validation

Workflows

Users

Admin Manual

Databases

Client Applications

Client Push Application

Applications

Alerts

Single Sign On (SSO)

Peppol Participants

General FAQs

Why is a document locked?

Which URL`s are needed for Xtracta to go through a firewall?

What type of documents are accepted by Xtracta?

What is a workflow?

What are the different statuses for a document?

What are the status for a document?

What does training a document mean?

What are the options when a document is selected?

What is Regex?

How does a document get a class and a designn?

How does a document get a class and a design?

How many pages and Line Items can Xtracta process?

Frequently Asked Questions

IP Access Control

Configure the User Restriction rule

Configure API Key restrictions

Was this page helpful?