What do you mean by API Security?

API SECURITY


It is an option that allows you to send your messages only through whitelisted IPs via API.


If API security is enabled and you try to send the SMS via any other IP then those requests will be rejected with error code 418. 


Let us begin with how you can enable the API Security in your account -


1. Log in to the MSG91 panel and select the Authkey option from the username dropdown. You can also access this dropdown from the bottom left if you are inside any service dashboard.



2. Enter the registered mobile number and verify with the OTP you will receive on the registered number.



3. Select the Authkey option from the sidebar. Select the checkbox for enabling additional API security.



3. Now, if you have enabled the Additional Security option. Enter at least one IP here. And press Yes on the popup window.


4. To whitelist more IPs, enter the IP address & click on Whitelist button.



NOTE:-


-> We support IPV6 & IPV4 addresses both. Eg: 2001:db8:3333:4444:5555:6666:7777:8888 (IPV6), 192.0. 2.146 (IPV4)


-> We strongly recommend you to keep it enabled as this provides an extra layer of security to your account.


-> If still you do not wish to have this security feature, you can disable it by removing the checkmark on the "ENABLE ADDITIONAL SECURITY" option. 

By doing so, the API will be called by any IP address that is not whitelisted, and MSG91 cannot be held liable for any spamming/fraudulent activities using the API.





How to check from which IP the API requests are failing -


1.  Goto the SMS section from your MSG91 Dashboard.



2. Select the Failed Logs section from the sidebar. The list of IPs by which the APIs got failed & you received the 418 error code is also available on the MSG91 Dashboard that you can copy & whitelist under Authkey section. 



2. We always send alerts on your registered mail ID as well as mobile number, when the API gets failed with 418 error i.e. API security is enabled and you try to call the API via any other IP then, those requests will be rejected.


Note:-


-> We also send alerts on the registered email ID when any changes been made in API security option of your MSG91 account that is new IP is Added, any IP is Deleted, Additional Security is Enabled, and Additional Security is Disabled.