We are running into an issue with accessing the web API from a hosting provider that does not have a static IP address. Our outbound IP addresses are dynamic and they can and will change often due to the hosting provider's cloud-based container infrastructure.
Is it possible to allow access to the API from particular subdomains (example: dev.mysite.com) instead of IP address, or get access in some other way? If not, how can we work around this issue? Thanks in advance.
That's really something to negotiate with (I presume) RAMP.
Vincent Massaro, The first step would be to do as Gawain recommended, and open a support ticket. You can do so by emailing your question above to hello@tessituranetwork.com
That should get you to a place where you can learn more about options that you may have.
Thanks
Chris
Thanks, we do have a ticket open (#91385) but was not really getting an answer on what is possible, and I couldn't find any mention of IP restriction in the API docs so I figured I would ask the question here.
The solution that I've had in my back pocket for this issue would be to run a proxy on something with a static outbound IP. Your proxy gets whitelisted, and accepts requests from the dynamic addresses used by your hosting provider which it forwards to the API. You could layer on some additional authentication between your proxy and container-based solution (perhaps JSON Web Tokens in an HTTP header? Or some kind of certificate authentication?) if you wanted to maintain the same type of access restriction.
Thanks for this suggestion but it is a ton of overhead for us to just access an API. We are talking about standing up middleware that we then have to secure, support, and maintain. I think Tessitura will need to think about supporting access that is not bound by an IP whitelist as many sites are now cloud-hosted and rely on dynamic outbound IPs.
Completely agree! Curious to know what other options are suggested by support...