How IP Whitelist restrictions are applied to API on a tenant. Since I can get a token by auth API : https://auth.reltio.com/oauth from any IP source event after IP whitelisting is enabled.
The way this works follows world wide company standards, Auth requests go to Auth servers they need to be publicly available, and they are not tenant-specific so they won't be under tenant IP restrictions (IP-Whitelisting). The expected behavior is you can get a token using the auth API request because it will go to publicly available servers with no IP restrictions. Please refer to the below diagram:-
However, if you initiate any API request using the generated token to an IP whitelist enabled tenant and the API request source IP is not in the tenant IP whitelist then you will get a 403 - Forbidden error. The request will be processed if the source IP is in the tenant IP whitelist.
You can contact Reltio to add an IP in the tenant IP whitelist.