Manage GUI whitelist rows (not IP-authenticated device rows from mor_ipauth_whitelist.txt) via MOR API v2. Behaviour matches Security → Monitorings → Whitelisted IPs in the GUI: the same validation rules apply (single IP, CIDR, or range; up to about 125 addresses per range). Changes take up to about one minute to apply on servers.

All endpoints require a valid Bearer token, accountant monitorings_manage (read for list, write for create/update/delete), and the matching v2_whitelisted_ips_* API method permission.

These endpoints do not enforce Restrict API access by IP on themselves (so you can configure allow rules while restriction is on). Other v2 routes still enforce client IP when restriction is enabled.

Quick start

1. List active and pending whitelist rows

curl -s -H "Authorization: Bearer $TOKEN" \

 "https://your-mor.example/api/v2/whitelisted_ips?search_ip=203.0.113.&from=1&max_results=50"

1. Whitelist a subnet and allow API access (auto-adds caller IP if needed)

curl -s -X POST -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" \

 -d '{"ip":"198.51.100.0/24","server_id":1,"api_access_allowed":true}' \
 "https://your-mor.example/api/v2/whitelisted_ips"

Endpoints

JSON fields (list item)

• id, ip, server_id, server_label, reason
• api_access_allowed (boolean)
• status: active, pending_add, pending_remove

Client IP behind a proxy

Auto-ensure and meta.caller_ip use the Rails client IP (request.remote_ip). If MOR sits behind a reverse proxy, ensure the proxy forwards the real client address (for example X-Forwarded-For) so auto-ensure matches the integrator’s egress IP.

See also

• Whitelisted IPs — GUI and Allow API access
• Configuration from GUI — Restrict API access by IP
• MOR API v2 — authentication and ACL
• Blocked IPs — block list (separate API)