diff --git a/doc/changes/changes_0.3.0.md b/doc/changes/changes_0.3.0.md
index d8a2dc6..810d185 100644
--- a/doc/changes/changes_0.3.0.md
+++ b/doc/changes/changes_0.3.0.md
@@ -7,3 +7,4 @@ This release adds integration tests for the most important calls to SaaS API.
 ## Refactorings
 
 * #21: Added integration test for operation "create database"
+* #23: Added integration test for operation "add IP to whitelist"
diff --git a/test/integration/allowed_ip_test.py b/test/integration/allowed_ip_test.py
new file mode 100644
index 0000000..1aa5472
--- /dev/null
+++ b/test/integration/allowed_ip_test.py
@@ -0,0 +1,9 @@
+def test_lifecycle(api_access):
+    testee = api_access
+    with testee.allowed_ip(ignore_delete_failure=True) as ip:
+        # verify allowed ip is listed
+        assert ip.id in testee.list_allowed_ip_ids()
+
+        # delete allowed ip and verify it is not listed anymore
+        testee.delete_allowed_ip(ip.id)
+        assert ip.id not in testee.list_allowed_ip_ids()
diff --git a/test/integration/api_access.py b/test/integration/api_access.py
index e8b9a7c..5fd3a83 100644
--- a/test/integration/api_access.py
+++ b/test/integration/api_access.py
@@ -87,3 +87,47 @@ def database(
         finally:
             if not keep and db:
                 self.delete_database(db.id, ignore_delete_failure)
+
+    def list_allowed_ip_ids(self) -> Iterable[openapi.models.allowed_ip.AllowedIP]:
+        ips = list_allowed_i_ps.sync(
+            self._account_id,
+            client=self._client,
+        )
+        return (x.id for x in ips)
+
+    def add_allowed_ip(self, cidr_ip: str = "0.0.0.0/0") -> openapi.models.allowed_ip.AllowedIP:
+        """
+        Suggested values for cidr_ip:
+        * 185.17.207.78/32
+        * 0.0.0.0/0 = all ipv4
+        * ::/0 = all ipv6
+        """
+        rule = openapi.models.create_allowed_ip.CreateAllowedIP(
+            name=f"pytest-{timestamp()}",
+            cidr_ip=cidr_ip,
+        )
+        return add_allowed_ip.sync(
+            self._account_id,
+            client=self._client,
+            body=rule,
+        )
+
+    def delete_allowed_ip(self, id: str, ignore_failures=False):
+        with self._ignore_failures(ignore_failures) as client:
+            return delete_allowed_ip.sync_detailed(
+                self._account_id, id, client=client)
+
+    @contextmanager
+    def allowed_ip(
+            self,
+            cidr_ip: str = "0.0.0.0/0",
+            keep: bool = False,
+            ignore_delete_failure: bool = False,
+    ):
+        ip = None
+        try:
+            ip = self.add_allowed_ip(cidr_ip)
+            yield ip
+        finally:
+            if not keep and ip:
+                self.delete_allowed_ip(ip.id, ignore_delete_failure)