Downloads  |  Buy

An API key must be used by a single device

Re: An API key must be used by a single device

Postby steve@bundyplus.com.au » March 14th, 2019, 6:22 pm

Hi Wyatt,

Good news you're looking at relaxing your stance on static IPs but we have 5 front end servers so 3-4 IP address aren't going to work for us :-(

Cheers
Steve
steve@bundyplus.com.au
 
Posts: 4
Joined: March 13th, 2019, 5:57 pm

Re: An API key must be used by a single device

Postby steve@bundyplus.com.au » March 14th, 2019, 7:21 pm

Hi Wyatt,

I've checkout our your suggestion for Ian but that solution seems to only apply to direct SQL connections.

Cheers
Steve
steve@bundyplus.com.au
 
Posts: 4
Joined: March 13th, 2019, 5:57 pm

Re: An API key must be used by a single device

Postby Wyatt » March 15th, 2019, 6:02 am

Contact Zapier, if they have the ability to use static IPs for some things they have the ability to do it with others.
User avatar
Wyatt
Site Admin
 
Posts: 5865
Joined: July 11th, 2007, 10:30 pm
Location: New Hampshire

Re: An API key must be used by a single device

Postby steve@bundyplus.com.au » March 17th, 2019, 5:19 pm

Hi Wyatt,

I contacted Zapier and this is their response.

"We only have a static IP for our MySQL, PostgreSQL and SQL Server integrations. Everything else is from a general pool of servers from AWS's us-east-1 region. We don't have another way to lock in a specific IP -- I'm sorry for the news! Let us know if you have any questions."

Cheers
Steve
steve@bundyplus.com.au
 
Posts: 4
Joined: March 13th, 2019, 5:57 pm

Re: An API key must be used by a single device

Postby ChrisK » March 24th, 2019, 5:27 pm

Hi Wyatt,

We are in a similar boat to Ian in that we use Zapier extensively.

Our plan was to use Wyday for licensing but as you can't integrate with them we will have to look elsewhere.

Having the "allowed" IP address being limited to 1 per 24 hours is ridiculous when so many cloud type services don't allow for static IP addresses.

Is this something you are looking to address? (Quite frankly 3 extra allowed IP's is not good enough)

Regards

Chris K
ChrisK
 

Re: An API key must be used by a single device

Postby Wyatt » March 25th, 2019, 3:37 pm

Hey Chris,

I've just published a blog post describing our rationale for this policy shift, how to properly implement security in your company, and what the future holds:

https://wyday.com/blog/2019/when-in-conflict-security-supersedes-usability/

Contact Zapier and tell them to fix their integration with LimeLM. If it's using variable (or a pool of) IP addresses then it's broken. It's their responsibility to fix their broken, insecure, software.

There's a reason they allow static IP address for database connections -- it's more secure. You should care about data security when storing data in any 3rd party service.
User avatar
Wyatt
Site Admin
 
Posts: 5865
Joined: July 11th, 2007, 10:30 pm
Location: New Hampshire

Previous

Return to LimeLM, TurboActivate, & TurboFloat Support