Join the Webstudio community

Updated 2 months ago

Help Request - API and Dynamic IPs

At a glance
Hello everyone,

I'm currently using an API to display reviews on my Webstudio site. For security reasons, I need to restrict access to my API to specific IP addresses. However, I've noticed that the IP address used by Webstudio for fetch requests seems to change regularly.

As a result, I'm stuck. Does anyone have a solution to manage this problem of dynamic IP addresses with Webstudio and APIs?

Thanks in advance for your help!
B
M
J
19 comments
Cloudflare is distributed edge network. There is no static ip there. You need to host website on your own. And api still won't work in builder.
Why do you need to restrict by ip? Not very good practice these days.
You don't think that an unrestricted API key could allow malicious users to get hold of it and use it? I don't know what the standard is, I have played very little with the Google API keys
You don't put any restrictions?
Pretty sure you can restrict Google API by domain which is a good idea
@John Siciliano No, unfortunately I did a lot of research on this subject and for the Google Maps "Place View" API, it does not work. You must use IP addresses
(I also asked Google Cloud Console support)
That's why I'm asking the question. But as explained, I'm not an expert in Google APIs.

My only fear is if this key gets stolen.
Are you using it on the backend in resources or the frontend?
On the other hand, I manage to make the API request, it's just that after a few minutes it no longer works because the IP has changed.
That's backend. You're fine. As a safety measure just to be sure, place a maximum billing amount threshold on the API key
Hmm I don't know how to do this yet...
But this means that we cannot protect the API by IP... 😭
Somehwere in billing you can say max amount. Even if you did restrict the key, thats not protecting you from mistakes on your side.. what if you implement some infinite redirect and it calls it many times?
Technically, you can restrict by IP. I think this is the IP you'd want but I personally wouldn't do this https://developers.cloudflare.com/fundamentals/reference/http-request-headers/#cf-connecting-ip-in-worker-subrequests
Oh ok, but why wouldn't you? Sorry if my question seems stupid
Because IPs changes, our infrastructure can change, and im not confident in the IP to block. It's also not needed if you implement a quota as you'll be protected in the very unlikely event your key is leaked
Thanks πŸ‘
Hum Ok I understand !
Thanks y very much about yr answer !
Add a reply
Sign up and join the conversation on Discord