You can set the SuperTokens core's config such that it accepts / denies requests that originate from certain IPs. This can be used to make sure that only your backend is able to query the SuperTokens core - increasing the security.
docker run \ -p 3567:3567 \ -e IP_ALLOW_REGEX="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" \ -d registry.supertokens.io/supertokens/supertokens-<db_name>
# You need to add the following to the config.yaml file.# The file path can be found by running the "supertokens --help" command ip_allow_regex: 127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1
The above will only allow requests that originate from an IP that matches
127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1 regular expression. A breakdown of this regex is:
127\.\d+\.\d+\.\d+: IPs that start with
::1: IPv6 from localhost; OR
0:0:0:0:0:0:0:1: IPv6 from localhost
In this way, we allow requests only from localhost and for other requests, the core will return a
403 status code. If instead you want to allow a list of IP addresses that correspond to your backend server's IP address, you can set this value to
IP1|IP2|IP3... - for example:
If this value is not set, then the core will allow requests from any IP address.
This is the opposite of the above config. If you only set this, the core will allow requests from any IP other than the one that matches the regular expression corresponding to this setting..
docker run \ -p 3567:3567 \ -e IP_DENY_REGEX="18.104.22.168" \ -d registry.supertokens.io/supertokens/supertokens-<db_name>
# You need to add the following to the config.yaml file.# The file path can be found by running the "supertokens --help" command ip_deny_regex: 22.214.171.124
The above setting will make the core accept requests from any IP other than
126.96.36.199, it will return a
In this case, the core will allow requests only based on the value of
ip_allow_regex, as long that request's IP doesn't match the regex of
ip_deny_regex. For example, if you set
ip_allow_regex: IP1|IP2 and
ip_deny_regex: IP1, then the core will accept requests only from
For managed service, please navigate to your dashboard and go to the edit configuration section to set this value.