I am making an iOS and Android App. We require Recharge Functionality in the app. We are planning on using a Recharge API provided by a company.
Due to security reasons the API allows request only through specific IP whitelisted IP addresses.
This IP address should ideally be the IP of our server.
But we are using Firebase as the database and storage and authentication in our app.
So how can we make such that the API requests made through the App by our users will go through and not cause an error as the user's IP address won't be whitelisted ?
You will need to proxy API requests from your users, such that, to your API provider all requests appear to originate from the same static IP address which will be whitelisted.
A proxy is a passive software component that essentially receives requests on one end, and forwards them to the API server on the other end. In other words, it makes API calls on behalf of your users.
You can use NGINX, HAProxy or just any available reverse proxy, or write a custom one using a language of your choice - since it is not a difficult assignment.
Here, is how to set up a reverse proxy using HAProxy on a linux box.
First, install haproxy from a linux terminal
apt update && apt install haproxy
Then navigate to folder /etc/haproxy
cd /etc/haproxy
Rename the default configuration file to haproxy.cfg.backup
mv haproxy.cfg{,.backup}
Now, create a new configuration file, haproxy.cfg
nano haproxy.cfg
With the following content, and then save changes.
global
log /dev/log local0
log /dev/log local1 notice
chroot /var/lib/haproxy
stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
stats timeout 30s
user haproxy
group haproxy
daemon
defaults
log global
mode http
timeout connect 5000
timeout client 50000
timeout server 50000
frontend api_proxy
bind *:8080
mode http
default_backend remote_api_server
backend remote_api_server
#replace 10.10.10.10 with the actual Ip address
server server1 10.10.10.10:443 ssl
Replace 10.10.10.10 with API provider IP address and 443 with the actual port.
If the API is not using HTTPS, remove the ssl option
8080 is the port your users will be connecting to. Change to whatever you want.
Now, start haproxy using the command below:
haproxy -D -f haproxy.cfg
You can verify that haproxy is listening on port 8080
telnet localhost 8080
Configure your app to call the recharge API through the proxy URL, which will be:
http://your_server_ip_address:8080/your/api/url
Your will need to configure HTTPS in production environment though.
Check the link below on how to config SSL with haproxy
Let me know if this helps.