Public IP of Apigee Free

Not applicable

Hi Guys,

Do we have a fix public IP for Apigee API endpoint - https://org-prod.apigee.net?

Thanks.

Solved Solved
0 4 930
1 ACCEPTED SOLUTION

Hi @Ronald de la Cruz, the issue you are seeing is that the hosts that your domain xxxxx-prod.apigee.net resolves to are not the same as the ones where your traffic leaves your Apigee proxy headed to your internal API, so whitelisting those IPs won't work in your scenario.

You would need to whitelist the IP addresses of the Apigee message processors but we don't support whitelisting of message processors for Apigee Trial, StartUp or SMB. A major part of the reason for this is because they do change, potentially frequently.

We do support whitelisting of message processors on our full Apigee Edge (Enterprise) plans and if this is something you might be interested in, please contact us here.

An alternative to IP whitelisting is to use 2-way SSL from Edge to the backend service (also known as southbound traffic ssl). While this is not available in Apigee Trial, it is available in Apigee Startup and SMB along with Enterprise. With 2-way SSL you would create a key store and optionally a trust store on Apigee Edge and then you can configure your internal API to only accept incoming SSL connections that present your previously uploaded certificate.It will give you the same level of access control without needing to whitelist IP addresses.

View solution in original post

4 REPLIES 4

Hi @Ronald de la Cruz we do not have a fixed public IP for the Trial (Free) service.

Could you share a bit more about your use-case for a fixed public IP address?

Hi @mschreuder, we have an internal APIs that we wanted to restrict access (whitelist). The internal APIs would only allow access to Apigee endpoint. But, the only way is thru IP.

I asked the support team, and here's the response:

The domain xxxxx-prod.apigee.net will resolve to one of the following publicIP's; 54.208.75.128 107.23.127.85 107.23.127.17 107.23.14.64 107.23.127.97

54.208.203.232

But it seems the whitelisting is not resolving on these IPs.

Hi @Ronald de la Cruz, the issue you are seeing is that the hosts that your domain xxxxx-prod.apigee.net resolves to are not the same as the ones where your traffic leaves your Apigee proxy headed to your internal API, so whitelisting those IPs won't work in your scenario.

You would need to whitelist the IP addresses of the Apigee message processors but we don't support whitelisting of message processors for Apigee Trial, StartUp or SMB. A major part of the reason for this is because they do change, potentially frequently.

We do support whitelisting of message processors on our full Apigee Edge (Enterprise) plans and if this is something you might be interested in, please contact us here.

An alternative to IP whitelisting is to use 2-way SSL from Edge to the backend service (also known as southbound traffic ssl). While this is not available in Apigee Trial, it is available in Apigee Startup and SMB along with Enterprise. With 2-way SSL you would create a key store and optionally a trust store on Apigee Edge and then you can configure your internal API to only accept incoming SSL connections that present your previously uploaded certificate.It will give you the same level of access control without needing to whitelist IP addresses.

Thank you so much @mschreuder