Give Base44 Backend Functions a Static Outbound IP for API Allowlisting

Set QUOTAGUARDSHIELD_URL as a Base44 secret, create a Deno HTTP client with the proxy URL, and any IP-restricted API allowlist passes in 2 minutes.

Base44 builders hitting financial APIs, enterprise databases, or any service behind a corporate firewall run into the same wall. The outbound IP rotates. The firewall rejects it. There's no native fix.

Firewall Allowlisting Requires a Fixed Egress IP. Base44 Has None.

Every outbound request from a Base44 backend function leaves from a rotating pool of shared IP addresses. It's how managed serverless platforms work. The IP your API call comes from this run isn't the IP it came from last run.

If the service you're calling enforces an allowlist, it sees an unrecognized IP and rejects the request. Financial APIs do this. Enterprise LDAP and database systems do this. Any compliance-sensitive service that uses IP-based access control does this.

You can't allowlist a rotating pool. You need one fixed IP to hand to the IT team and leave there permanently.

Base44 Has No Native Static IP Feature

The feature request for static IP support was posted publicly in Base44's feedback forum and has attracted upvotes from builders in financial and enterprise contexts. As of 2026, there's no native solution and no committed timeline. Base44's platform handles this at the infrastructure level, which means individual developers can't configure it themselves.

The workaround that actually works: route your outbound requests through a proxy that has a fixed IP. The receiving API sees the proxy's IP, not Base44's rotating pool. That IP never changes.

QuotaGuard Routes Base44 Requests Through a Fixed IP in 2 Minutes

Base44 backend functions run on Deno, a TypeScript runtime that has its own native HTTP client with proxy support. You don't use https-proxy-agent here. You use Deno's built-in Deno.createHttpClient API.

First, add your proxy credentials as a Base44 secret. From the CLI:

base44 secrets set QUOTAGUARDSHIELD_URL https://username:password@us-east-shield-01.quotaguard.com:9294

Pick the region closest to the API or database you're calling. QuotaGuard runs on 10 AWS regions: US-East, US-West, EU-West, EU-Central, AP-Northeast (Tokyo), AP-Southeast (Singapore), AP-Southeast-2 (Sydney), AP-South (Mumbai), CA-Central, and SA-East (São Paulo).

Then in your backend function, create a Deno HTTP client configured to use the proxy:

import { createClientFromRequest } from "npm:@base44/sdk";

export default async function handler(req: Request): Promise {
  const proxyUrl = Deno.env.get("QUOTAGUARDSHIELD_URL");

  const proxyClient = Deno.createHttpClient({
    proxy: { url: proxyUrl },
  });

  const response = await fetch("https://your-restricted-api.example.com/endpoint", {
    client: proxyClient,
  });

  const data = await response.json();
  return new Response(JSON.stringify(data), {
    headers: { "Content-Type": "application/json" },
  });
}

Note: Deno.createHttpClient is a privileged Deno API. Confirm your Base44 plan's sandbox allows it before deploying to production. If Base44's runtime restricts this API, contact Base44 support to request proxy access for your workspace.

The IP that your customer's firewall or API allowlist receives is the QuotaGuard egress IP for your chosen region. It stays fixed across every function invocation, every redeployment, and any future Base44 infrastructure change.

QuotaGuard tip: one account covers every Base44 backend function across every project. Your entire workspace routes through the same fixed IP. You hand one IP to the IT team once.

QuotaGuard Shield Keeps Financial and Compliance Data Encrypted End-to-End

The Base44 feedback post that prompted this article names two use cases explicitly: financial and trading integrations, and enterprise environments with strict security controls. Both involve sensitive data in transit.

QuotaGuard Shield is the right product here. Shield uses SSL passthrough. The TLS connection runs end-to-end between your Base44 function and the destination API. QuotaGuard routes the packets but never decrypts them. Credit card data, trading positions, PII, and healthcare records pass through without QuotaGuard ever seeing the payload.

This matters for PCI-DSS, HIPAA, and SOC 2 workloads. Shield removes QuotaGuard as a data handler in your compliance picture. QuotaGuard Shield plans start at $29/month. See QuotaGuard Shield.

If your Base44 functions don't handle regulated data, QuotaGuard Static works identically with the same Deno proxy pattern. Use QUOTAGUARDSTATIC_URL instead, port 9293, and the proxy URL uses http://. Static plans start at $19/month.

One Fixed IP, Every External API Your Base44 App Calls

Base44 will likely add native static IP support at some point. Until then, a proxy is the only path. It's also more portable. If you later move specific backend functions to Railway, Render, or any other platform, the same QuotaGuard account works. Same IP. Same allowlist entries on the services you're calling. Nothing changes for your customers or their IT teams.

The operational cost of a rotating IP is easy to underestimate. Every IP change means a support ticket, a waiting period, a firewall rule update, a confirmation call, a retest. A fixed IP avoids that cycle permanently.

QuotaGuard Shield plans start at $29/month. Review pricing at quotaguard.com/products/pricing and pick the tier that fits your outbound traffic volume.