Access to the Web API without static IP whitelisting

We are running into an issue with accessing the web API from a hosting provider that does not have a static IP address. Our outbound IP addresses are dynamic and they can and will change often due to the hosting provider's cloud-based container infrastructure.

Is it possible to allow access to the API from particular subdomains (example: dev.mysite.com) instead of IP address, or get access in some other way? If not, how can we work around this issue? Thanks in advance.

  • The solution that I've had in my back pocket for this issue would be to run a proxy on something with a static outbound IP. Your proxy gets whitelisted, and accepts requests from the dynamic addresses used by your hosting provider which it forwards to the API. You could layer on some additional authentication between your proxy and container-based solution (perhaps JSON Web Tokens in an HTTP header? Or some kind of certificate authentication?) if you wanted to maintain the same type of access restriction.

  • Thanks for this suggestion but it is a ton of overhead for us to just access an API. We are talking about standing up middleware that we then have to secure, support, and maintain. I think Tessitura will need to think about supporting access that is not bound by an IP whitelist as many sites are now cloud-hosted and rely on dynamic outbound IPs.
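The check such a forwarding proxy could run on each incoming request, using the "JSON Web Tokens in an HTTP header" idea from the first reply, as an added example that is not part of the original thread. The HS256 shared secret, the `api-proxy` audience value and all function names are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

AUDIENCE = "api-proxy"  # assumed audience name for the forwarding proxy

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(secret: bytes, signing_input: str) -> bytes:
    return hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()

def mint_token(secret: bytes, sub: str, ttl: int = 60, now=None) -> str:
    """Container side: issue a short-lived HS256 JWT for a proxy request."""
    now = int(time.time() if now is None else now)
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps({"sub": sub, "aud": AUDIENCE, "exp": now + ttl}).encode())
    return f"{header}.{body}.{b64url(sign(secret, header + '.' + body))}"

def verify_token(token: str, secret: bytes, now=None):
    """Proxy side: return the claims if the token is valid, else None."""
    now = int(time.time() if now is None else now)
    try:
        header, body, sig = token.split(".")
        # Pin the algorithm; a token must never choose its own (e.g. alg=none).
        if json.loads(unb64url(header)).get("alg") != "HS256":
            return None
        if not hmac.compare_digest(sign(secret, header + "." + body), unb64url(sig)):
            return None
        claims = json.loads(unb64url(body))
        if claims.get("aud") != AUDIENCE or claims.get("exp", 0) <= now:
            return None
        return claims
    except (ValueError, TypeError, AttributeError):
        return None  # malformed token: wrong part count, bad base64 or JSON

def should_forward(headers: dict, secret: bytes, now=None) -> bool:
    """Gate the proxy applies before relaying a request to the whitelisted API."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    return scheme == "Bearer" and verify_token(token, secret, now) is not None
```

The short `exp` lifetime limits how long a captured token can be replayed through the proxy, and the shared secret should live in the container platform's secret store rather than in the image.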
