The community member is using an API to display reviews on their Webstudio site and needs to restrict access to the API for security reasons. However, they've noticed that the IP address used by Webstudio for fetch requests changes regularly, which is causing issues. The community members discuss various solutions, such as restricting the API by IP address, which may not be reliable due to dynamic IP addresses, or setting a maximum billing amount threshold on the API key as a safety measure. The consensus seems to be that restricting by IP address is not a recommended practice, and implementing a quota or billing threshold may be a better approach to protect the API key.
I'm currently using an API to display reviews on my Webstudio site. For security reasons, I need to restrict access to my API to specific IP addresses. However, I've noticed that the IP address used by Webstudio for fetch requests seems to change regularly.
As a result, I'm stuck. Does anyone have a solution to manage this problem of dynamic IP addresses with Webstudio and APIs?
You don't think that an unrestricted API key could allow malicious users to get hold of it and use it? I don't know what the standard is, I have played very little with the Google API keys
@John Siciliano No, unfortunately I did a lot of research on this subject and for the Google Maps "Place View" API, it does not work. You must use IP addresses (I also asked Google Cloud Console support)
Somehwere in billing you can say max amount. Even if you did restrict the key, thats not protecting you from mistakes on your side.. what if you implement some infinite redirect and it calls it many times?
Because IPs changes, our infrastructure can change, and im not confident in the IP to block. It's also not needed if you implement a quota as you'll be protected in the very unlikely event your key is leaked
