This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Proxy IP whitelisting

Posted on 11-11-2016 09:32 AM
Not applicable
Reply posted on --/--/---- --:-- AM

Dear apigee community,

Currently I'm busy with an API that can only be acccesed through IP's that have been whitelisted by the API provider.

Is there a way to solve this? Like finding the apigee's IP, which is used everytime through a proxy request? Or a way to use my ip adres of my home for that proxy?

kind regards

1 3 13.8K
Topic Labels
3 REPLIES 3

Posted on --/--/---- --:-- AM
mschreuder
Staff
Reply posted on --/--/---- --:-- AM

For Apigee Edge Enterprise customers, whitelisting is supported and Apigee would provide a small number of IP addresses that can be whitelisted but for Trial this is not available.

You are not able to modify the source IP address on requests leaving your API Proxy, so using your home IP address like that would not work. Even if you could, what would happen if you did that is all the responses to your API requests would be sent to your home by the API provider instead of coming back to your Apigee proxy so clients that made the request would never get a response from Apigee.

Extending the above, let's say you instead set up a simple routing server at your home and configure your Apigee API Proxy target to point to that routing server. You set it so that what it does when it receives a request from Apigee is pass it straight to the API Provider. That way it will have your IP address on the portion of the journey to the API Provider. The response comes back and your routing server returns it to Apigee. But now you will have to solve again things like security, traffic management, etc on your routing server, plus there will be latency impacts as the request is routed between the different nodes. And unless you have a static IP address from your home ISP, you still have the same issue with having to detect IP address changes and get the API provider's whitelist updated but now you also need to get that updated IP address to Apigee as well to update your target configuration in your proxy. You could use a dynamic DNS service to minimize that second part but you will experience times when your IP address changes and there are outages on your API.

While possible, I don't believe that finding Apigee's IP address for every request would work well either and again it's because you would need some way to give that IP address to the API provider so they can whitelist it. When IP addresses change, there will be some time lag between you detecting the new IP address and the API provider whitelisting it. During that time your API requests will be rejected by the API Provider.

Another alternative, you could request the API provider to whitelist all AWS IP addresses but likely they would not want to do that because that clearly largely defeats the point of IP whitelisting.

So other than becoming an Enterprise customer, I don't know of any option, but perhaps there are other suggestions from the community?

Posted on --/--/---- --:-- AM
Not applicable
In response to mschreuder
Reply posted on --/--/---- --:-- AM

Thanks for all the effort you put into your reply!

0 Likes

Posted on --/--/---- --:-- AM
Not applicable
In response to mschreuder
Reply posted on --/--/---- --:-- AM

We will have to find another way then, i guess.

0 Likes