I’m building a custom app that needs to access a PostgreSQL database. For security reasons, customer wants to restrict the access to a specific IP range. I already asked this in another occasion for using a third party lib for rest requests (llink).
Is the answer from this still valid or we can now have the IP range for these kind of requests?
How will I use it through pg connection? Note that I’m not making a REST request, but using the lib “pg” to connect to the PostgreSQL database - perhaps I wasn’t clear creating the topic… I just linked the other topic as a reference, since I believe the outcome is the same, that using third party libs, I can’t have an IP range.
I think your understanding is correct regarding the third party libs. Also exposing internal DBs directly to external apps is something should be avoided. Having a middleware to talk to your DB and exposing a secure API from your middleware to connect from your custom app would be ideal here.
It’s the requests are coming through 3rd party libraries instead of the request method, then putting up an IP range as a whitelist is not possible today.
Let us know if there are any requirements from the platform that we may be able to increase… may rate limits, or something to help you out. If not, I guess what @Sachin_Kumar suggest seems to be the near-term option.
The Request Method is a platform offering hence platform will have control over where requests originate from. Hence platform can give away the IP ranges to businesses to allowlist API calls.
However, few developers understand that the business use case requires a 3rd party library such as axios or superagent to make API calls which platform doesn’t have control over the IP origins.