Connect to Services Behind the Firewall

Stitch It is a cloud-based SaaS service that, by default, can only reach services that are accessible via the public internet. However, if you need to connect Stitch It to a service in a restricted network, it is possible.

To be able to connect to a service in a restricted network, you generally have the following two options:

  • Add a firewall ingress bypass rule to your network firewall to allow outgoing Stitch It API connections to reach the service behind the firewall. All outgoing Stitch It connections have a static IP address:
  • Set up a reverse proxy in a less restricted network (commonly known as a DMZ) to expose the service to the internet. You can also configure an IP allowlist rule in the reverse proxy so that only connections from Stitch It pass through.

While setting up connections that require user consent (OAuth), you also need to be able to reach the same service in the restricted network yourself. In other words, your browser must be able to connect both to the service you're setting up and to Stitch It.

Allow Events to Reach Stitch It

If you configure event listeners to be triggered from a restricted network and those events are not reaching Stitch It, ensure that your network allows egress traffic directly to the internet. Under the hood, Stitch It uses AWS API Gateway, but unfortunately, this service does not have a static IP address. If acceptable, you can configure your firewall egress traffic to reach any AWS API Gateway by allowlisting known AWS IP ranges.

You can view known AWS IP ranges and filter this list based on a region (eu-west-1) and service (API_GATEWAY) to find all known IP ranges for API Gateway in a region where Stitch It is hosted.
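
The filtering described above can be scripted against AWS's published ip-ranges.json so the egress allowlist is regenerated rather than maintained by hand. This is an added example, not Stitch It code: the function name `egress_allowlist` is hypothetical and the embedded sample uses constructed documentation prefixes, not real AWS ranges.

```python
import ipaddress
import json

# Constructed sample in the shape of AWS's ip-ranges.json.
# Prefixes are reserved documentation ranges, NOT real AWS allocations.
SAMPLE = json.loads("""
{
  "syncToken": "0000000000",
  "createDate": "2000-01-01-00-00-00",
  "prefixes": [
    {"ip_prefix": "198.51.100.0/25",   "region": "eu-west-1", "service": "API_GATEWAY"},
    {"ip_prefix": "198.51.100.128/25", "region": "eu-west-1", "service": "API_GATEWAY"},
    {"ip_prefix": "203.0.113.0/24",    "region": "us-east-1", "service": "API_GATEWAY"},
    {"ip_prefix": "192.0.2.0/28",      "region": "eu-west-1", "service": "EC2"}
  ],
  "ipv6_prefixes": [
    {"ipv6_prefix": "2001:db8:1::/48", "region": "eu-west-1", "service": "API_GATEWAY"},
    {"ipv6_prefix": "2001:db8:2::/48", "region": "eu-west-1", "service": "S3"}
  ]
}
""")


def egress_allowlist(doc, region="eu-west-1", service="API_GATEWAY"):
    """Return (sync_token, cidrs) for one region/service pair.

    Adjacent and overlapping prefixes are collapsed so the firewall rule set
    stays as small as possible. The sync token changes whenever AWS publishes
    a new file, so store it and rebuild the rules when it differs.
    """
    nets = []
    for key, field in (("prefixes", "ip_prefix"), ("ipv6_prefixes", "ipv6_prefix")):
        for entry in doc.get(key, []):
            # Exact match on both fields: a loose match would widen the allowlist.
            if entry.get("region") == region and entry.get("service") == service:
                nets.append(ipaddress.ip_network(entry[field]))
    # collapse_addresses() cannot mix address families, so handle each separately.
    v4 = ipaddress.collapse_addresses(n for n in nets if n.version == 4)
    v6 = ipaddress.collapse_addresses(n for n in nets if n.version == 6)
    return doc["syncToken"], [str(n) for n in list(v4) + list(v6)]


if __name__ == "__main__":
    token, cidrs = egress_allowlist(SAMPLE)
    print(f"syncToken={token}")
    for cidr in cidrs:
        print(cidr)
```

To use it on live data, load the downloaded ip-ranges.json with `json.load()` and pass the result in place of `SAMPLE`.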
