Cookie consent

We use some essential cookies to make this website work. We'd like to set additional cookies to help us measure your experience when you view and interact with the website.

Cookie policy

API key security

Postcoder provides enhanced security options for your API key to help you safeguard your account.

Security options

API key accessOption
Rate-limitedAny IP address (default)

Any IP address can make up to X requests every 5 minutes. You choose a value for X between 1 and 50, the default is 5 requests.

Useful for client-side integrations where you don't know the IP address (e.g. you've integrated Postcoder into a mobile phone app).
Any IP address on trusted websites

As above plus each request must originate from a website that exists on your trusted website URL list.

Postcoder checks the HTTP referer of the request, which is usually automatically set by the web browser.

Useful for client-side integrations that run on your website using JavaScript.
TrustedTrusted IP addresses only

Only IP addresses that exist on your valid IP address list can make requests.

Useful for server-side integrations that run on servers or compute platforms with a known IP address range.

Manage the security settings for your API key or contact support if you need any help or advice.

Firewalls and security layers

You can allow Postcoder through your firewall and security layers by allow-listing the domain of

We do not recommed allow-listing by IP address since Postcoder is load-balanced across multiple IP addresses which change frequently.