Merge pull request #8546 from PasanT9/allow-list-420

[4.2.0] Add allow list to expose Developer portal

en/docs/install-and-setup/setup/deployment-best-practices/security-guidelines-for-production-deployment.md

@@ -892,12 +892,25 @@ This section provides a list of security guidelines for configuring the network
 <p><strong>Note:</strong> </p>
 <p>It is recommended to use an allowlisting approach when allowing access to resources in your product from the DMZ level.</p>
 
+<p>For the API-M Developer Portal, exposing the following paths would be sufficient:</p>
+    <ul>
+      <li>https://&lt;host&gt;:&lt;port&gt;/devportal</li>
+      <li>https://&lt;host&gt;:&lt;port&gt;/devportal/*</li>
+      <li>https://&lt;host&gt;:&lt;port&gt;/api/am/devportal/v3/*</li>
+      <li>https://&lt;host&gt;:&lt;port&gt;/oauth2/*</li>
+      <li>https://&lt;host&gt;:&lt;port&gt;/oidc/*</li>
+      <li>https://&lt;host&gt;:&lt;port&gt;/authenticationendpoint/*</li>
+      <li>https://&lt;host&gt;:&lt;port&gt;/logincontext</li>
+      <li>https://&lt;host&gt;:&lt;port&gt;/oauth2/authorize</li>
+      <li>https://&lt;host&gt;:&lt;port&gt;/commonauth</li>
+      <li>https://&lt;host&gt;:&lt;port&gt;/accountrecoveryendpoint/*</li>
+   </ul>
+
 </td>
 </tr>
 </tbody>
 </table>
 
-
 ## Configure client authentication
 
 Client authentication is used to identify the application or the client that is making the request.