Comment on page

Configure Allowlist

This tutorial will guide you through the process of managing your allowlists


The Allowlist feature provides a simple and effective solution to manage access to your endpoints and limit API traffic based on IP and domain, preventing unauthorized access and enhancing the security of your projects.
For instance, you can allow access to the project exclusively from the IP address of your office network. Any other request from a different IP will be Unauthorized.


  • A compatible wallet for the blockchain network installed on your device, such as MetaMask browser extension or any wallet supporting the Wallet Connect protocol on your phone or laptop.
  • Login already performed on Consumer APP
  • Project already created as mentioned in this section

How to use Allowlist feature:

  1. 1.
    Navigate to the Dashboard page and select your project.
Blast Dashboard
  1. 2.
    Click on the gear icon on the top right corner to expand Project Settings.
Blast project
  1. 3.
    Provide the domain or IP address you wish to include in the allowlist, and then click the "Add" button to proceed
Project settings section - Allowlist
Please make sure that the IP address you enter matches to either the IPv4 or IPv6 format, depending on your configuration.
Once you have successfully added a domain to the allowlist, it is essential to incorporate the Access-Control-Allow-Origin header into your requests. Set the value of this header to your allowlisted domain, specifying that the resource can only be accessed from that particular origin. For instance:
Note: You can add up to 20 domains and 20 valid IP addresses.
  1. 4.
    Click Update project button to save your changes.
Project settings section

Troubleshooting Allowlist errors:

If you encounter authorization issues after adding IP addresses or domains to your allowlist please follow these troubleshooting steps first:
  1. 1.
    Ensure that the IP address you're entering is in either IPv4 or IPv6 format, based on your configuration.
  2. 2.
    Ensure that you include the allowlisted domain as the value of the Access-Control-Allow-Origin header. This header allows requests from the specified domain to access the resource.