diff --git a/middleware/config.js b/middleware/config.js
index 251a222..d495e33 100644
--- a/middleware/config.js
+++ b/middleware/config.js
@@ -4,6 +4,7 @@ require('dotenv').config({ path: path.resolve(__dirname, '../.env') });
 const config = {
     port: process.env.PORT || 3000,
     allowed: process.env.ALLOWED || 'http://localhost:8080',
+    allowed_ipaddress: process.env.ALLOWED_IPADDRESS,
     // Database connection
     db: {
         client: process.env.DB_CLIENT || 'mysql',
diff --git a/routes/ip.js b/routes/ip.js
new file mode 100644
index 0000000..5204657
--- /dev/null
+++ b/routes/ip.js
@@ -0,0 +1,43 @@
+const cors = require('cors');
+const express = require('express');
+const app = express();
+const config = require('../middleware/config');
+const fs = require('fs');
+
+// Set app headers to allow localhost:8080 to acces the api 
+let allowedOrigins = config.allowed.split(', ');
+app.use(cors({
+    origin: allowedOrigins,
+    credentials: true
+}));
+
+// Get the allowed ip address
+var allowedIpaddress = config.allowed_ipaddress;
+
+// basic route at /api
+app.get('/ip', (req, res) => {
+    res.status(200).send({
+        allowedIpaddress: 'The allowed ip of school',
+    });
+});
+
+app.post('/ip', (req, res) => {
+    // Get the ip address from the request
+    let ipaddress = req.body.ipaddress;
+    
+    // Check if the ip address is allowed
+    if (allowedIpaddress == ipaddress) {
+        res.status(200).send({
+            allowedIp: true,
+        });
+    } else {
+        res.status(200).send({
+            allowedIp: false,
+        });
+    }
+    return;
+});
+
+
+// export the app
+module.exports = app;
\ No newline at end of file