The endpoint for managing denylists is /security/advanced. You can use this endpoint to retrieve or replace the entire denylist. To add or remove individual URLs to or from the denylist, use the security/advanced/blacklistUrls endpoint. The endpoint for managing allowlists is /security. You can use this endpoint to retrieve or replace the entire allowlist. However, you cannot add or remove individual URLs to or from the allowlist.

You can add up to 25,000 custom URLs and IPs across all categories (custom and predefined) and your organization's custom denylist and allowlist. For additional information on policy enforcement and prioritization of denylists, see About Policy Enforcement.

Managing a Denylist

To update your custom denylist:

1. (Optional) Get the current denylist by sending a GET request to /security/advanced.
2. Modify the denylist's information by sending a PUT request to /security/advanced, and including all of the proper URLs to denylist in the Body. This action completely replaces the previous denylist.
3. Activate the changes to your configuration.

To add or remove a URL from a denylist:

1. (Optional) Get the current denylist by sending a GET request to /security/advanced.
2. Modify the denylist's information by sending a POST request to /security/advanced/blacklistUrls, with the action parameter set to ADD_TO_LIST or REMOVE_FROM_LIST, including all of the proper URLs in the Body.
3. Activate the changes to your configuration.

To learn more about the endpoints, see Security Policy Settings in the API Reference.

Managing an Allowlist

To update your custom allowlist:

1. (Optional) Get the current allowlist by sending a GET request to /security.
2. Modify the allowlist's information by sending a PUT request to /security, and including all of the proper URLs to allowlist in the Body. This action completely replaces the previous allowlist.
3. Activate the changes to your configuration.

To learn more about the endpoints, see Security Policy Settings in the API Reference.