To enhance the security of API integrations, Klarna supports IP address restriction, allowing partners to define an allow-list of IP addresses from which requests are permitted. All requests originating from outside the defined list will be blocked.

Acquiring Partners can specify up to 100 IP addresses, including both IPv4 and IPv6 formats, as part of this restriction policy. When enabled, Klarna validates every incoming API request against the configured IP list.

• Reach out to your Klarna account manager to request activation of the IP address restriction and provide the list of public IP addresses to be authorized for API access.
• After that, Klarna enables the feature in validation mode, and your API responses will include the HTTP header Klarna-Ip-Validation-Status with one of the values: ALLOWED, DENIED, or INVALID.
  • ALLOWED : The request came from an allowed IP address. No action needed.
  • DENIED : The request came from a non-whitelisted IP. Verify the source IP is correct and included in your submitted list.
  • INVALID : A technical error occurred during IP validation. Contact your Klarna account manager for assistance.
• When confirmed that all expected requests return Klarna-Ip-Validation-Status: ALLOWED, notify your Klarna account manager to schedule enforcement.
• Once enforcement is active:
  • Requests from non-allow-listed IPs will be blocked.
  • The Klarna-Ip-Validation-Status header will no longer be included in responses.

• Maintain an accurate and current list of all outbound IPs used by your systems.
• Notify Klarna promptly of any infrastructure or network changes that may affect IP origins.
• Avoid using dynamic or shared NAT IPs that may change over time.