Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

(Investigate) how to use better way to securing API umbrella backends #3758

Open
fec-jli opened this issue May 8, 2019 · 1 comment
Open

Comments

@fec-jli
Copy link
Contributor

fec-jli commented May 8, 2019

We discovered the documentation that recommends against using IP restriction for securing API backends (https://github.com/18F/api.data.gov/wiki/User-Manual:-Agencies#ip-based-restrictions)
but api.data.gov 's IPs might be changing in the future.

Try to look at implementing a better approach.

@lbeaufort
Copy link
Member

From API umbrella team:

We will certainly keep in you in mind and be in touch in the event any of our IP addresses do change.

Although, if the IP-based restrictions work easiest or best for your environment, you're certainly welcome to keep using that approach. We were just gently steering people away from that approach for new setups to make it potentially easier for everyone in the event our IPs change. However, we realize some agencies and network teams prefer IP restrictions, or they may be easier to setup, so you can certainly keep using that approach if you'd like. If our IPs do change, we'll be sure to work with all the agencies to give you all plenty of heads up and verify everything is working against new IPs before making any changes that would affect your production API traffic. But if you'd prefer to switch to a different approach so you don't have to worry about IPs, that's also dandy—whatever's easiest for you.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
Status: ❄️ Icebox
Development

No branches or pull requests

5 participants