QuotaGuard and DocuWare Cloud Integration Guide

QuotaGuard Static IPs let your integration reach the DocuWare Cloud Platform API from two fixed addresses you add once to DocuWare’s IP-based access control. Route your DocuWare calls through QuotaGuard Static, set QUOTAGUARDSTATIC_URL, and add your two fixed IPs to the allowlist in DocuWare’s Security settings.

Inbound and EU residency: This page covers the outbound integration. For inbound static IPs and EU data residency options, see the DocuWare static IP integration page.

DocuWare Cloud’s IP Allowlist Blocks Rotating Integration IPs

DocuWare Cloud includes IP-based access control in its Security settings. Once any address is listed, only those addresses can access the organization, and the control is enforced on all access, including the REST API. A document-sync job or automation on a cloud platform like Heroku or AWS Lambda egresses from an address that changes on deploys and scaling, so the allowlist rejects it as soon as the allowlist is active.

This guide is for DocuWare Cloud. On-premises DocuWare runs on your own network, where you already control egress.

Getting Started

After creating a QuotaGuard account, you are redirected to your dashboard, where you can find your proxy credentials and two static IP addresses.

Choose the right proxy region: Select the QuotaGuard region closest to where your integration runs. The region is set at sign-up. Changes after sign-up require contacting support.

QUOTAGUARDSTATIC_URL="http://username:password@<your-quotaguard-proxy-host>:9293"

Add Your QuotaGuard IPs to DocuWare

In DocuWare, open Configurations > Security settings > IP-based access control and enter your two QuotaGuard IP addresses. DocuWare uses IPv4, which matches QuotaGuard’s static IPs. Once any address is listed, only listed addresses reach the organization, so confirm your own admin access is covered before you rely on it.

Authenticate Against the Platform API

DocuWare Cloud’s Platform API lives at your organization’s endpoint, https://your-org.docuware.cloud/DocuWare/Platform, and uses OAuth 2.0 bearer tokens. The flow first discovers the identity service, then requests a token scoped to docuware.platform. Route every call, including the token request, through the proxy so it exits from your static IPs.

  1. GET /Home/IdentityServiceInfo to discover the identity service for your deployment.
  2. Request a token from the identity service, scoped to docuware.platform. Tokens are valid for about 60 minutes.
  3. Send the bearer token on every Platform API call.
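
An added example, not from the original page and not DocuWare or QuotaGuard code: the three steps above with one proxied opener used for every hop, so discovery, the token request, and the API call all exit from the static IPs, and the token is reused until shortly before it expires. The IdentityServiceUrl and token_endpoint fields, the /.well-known/openid-configuration path, the password grant, and the client id are assumptions drawn from DocuWare's public API documentation rather than this page; the class and function names are illustrative.

```python
import json
import time
import urllib.parse
import urllib.request

PLATFORM = "https://your-org.docuware.cloud/DocuWare/Platform"
CLIENT_ID = "docuware.platform.net.client"  # assumption: client id from DocuWare's API docs


def proxied_opener(proxy_url):
    """Opener that sends http and https requests through the QuotaGuard proxy."""
    handler = urllib.request.ProxyHandler({"http": proxy_url, "https": proxy_url})
    return urllib.request.build_opener(handler)


class DocuWareClient:
    def __init__(self, opener, username, password, clock=time.time):
        self.opener, self.username, self.password = opener, username, password
        self.clock = clock
        self._token, self._expires_at = None, 0.0

    def _json(self, url, form=None, bearer=None):
        headers = {"Accept": "application/json"}
        if bearer:
            headers["Authorization"] = f"Bearer {bearer}"
        data = urllib.parse.urlencode(form).encode() if form else None  # data => POST
        req = urllib.request.Request(url, data=data, headers=headers)
        with self.opener.open(req, timeout=30) as resp:
            return json.load(resp)

    def token(self):
        """Steps 1-2: discover the identity service, then fetch or reuse a token."""
        if self._token and self.clock() < self._expires_at - 60:
            return self._token
        info = self._json(f"{PLATFORM}/Home/IdentityServiceInfo")
        identity = info["IdentityServiceUrl"].rstrip("/")  # assumed response field
        config = self._json(f"{identity}/.well-known/openid-configuration")
        grant = self._json(config["token_endpoint"], form={
            "grant_type": "password", "scope": "docuware.platform",
            "client_id": CLIENT_ID, "username": self.username, "password": self.password,
        })
        self._token = grant["access_token"]
        self._expires_at = self.clock() + grant.get("expires_in", 3600)
        return self._token

    def get(self, path):
        """Step 3: call the Platform API with the bearer token."""
        return self._json(PLATFORM + path, bearer=self.token())
```

Build the opener with proxied_opener(os.environ["QUOTAGUARDSTATIC_URL"]) and pass it to DocuWareClient; because the same opener serves every request, no hop can leave from a non-allowlisted address.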

Route Your DocuWare Calls Through the Proxy

Attach the proxy to the requests that reach DocuWare rather than forcing all traffic through it. This keeps the rest of your integration on its normal path.

Python (requests)

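import os
import requests

# Send both http and https requests through the QuotaGuard proxy.
proxies = {
    "http": os.environ["QUOTAGUARDSTATIC_URL"],
    "https": os.environ["QUOTAGUARDSTATIC_URL"],
}
base = "https://your-org.docuware.cloud/DocuWare/Platform"
# Bearer token obtained from the identity service; the variable name is an assumption.
access_token = os.environ["DOCUWARE_ACCESS_TOKEN"]

resp = requests.get(
    f"{base}/FileCabinets",
    headers={"Authorization": f"Bearer {access_token}", "Accept": "application/json"},
    proxies=proxies,
    timeout=30,  # fail instead of hanging if the proxy or DocuWare is unreachable
)
print(resp.status_code)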

Node.js (undici)

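import { ProxyAgent, fetch } from 'undici';

// Attach the proxy to this request only; other traffic keeps its normal path.
const dispatcher = new ProxyAgent(process.env.QUOTAGUARDSTATIC_URL);
const base = 'https://your-org.docuware.cloud/DocuWare/Platform';
// Bearer token obtained from the identity service; the variable name is an assumption.
const accessToken = process.env.DOCUWARE_ACCESS_TOKEN;

const res = await fetch(`${base}/FileCabinets`, {
  dispatcher,
  headers: { Authorization: `Bearer ${accessToken}`, Accept: 'application/json' },
});
console.log(res.status);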

C# (.NET HttpClient)

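using System;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;

var proxyUri = new Uri(Environment.GetEnvironmentVariable("QUOTAGUARDSTATIC_URL"));
// Split on the first ':' only and URL-decode, so special characters in the password survive.
var creds = proxyUri.UserInfo.Split(new[] { ':' }, 2);
var handler = new HttpClientHandler
{
    Proxy = new WebProxy(proxyUri) { Credentials = new NetworkCredential(Uri.UnescapeDataString(creds[0]), Uri.UnescapeDataString(creds[1])) },
    UseProxy = true
};
var client = new HttpClient(handler);
// accessToken is the bearer token obtained from the identity service.
client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
var resp = await client.GetAsync("https://your-org.docuware.cloud/DocuWare/Platform/FileCabinets");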

DocuWare’s .NET SDK is common in DocuWare integrations, which is why the C# example is included here.

Or Set HTTP_PROXY Globally

For a quick start, set the standard proxy variables and exclude internal hosts. This is coarser, so prefer the in-code pattern when most of your traffic should not be proxied.

export HTTP_PROXY="http://username:password@<your-quotaguard-proxy-host>:9293"
export HTTPS_PROXY="http://username:password@<your-quotaguard-proxy-host>:9293"
export NO_PROXY="localhost,127.0.0.1"

Testing Your Integration Is Using the Static IP

curl -x "$QUOTAGUARDSTATIC_URL" https://ip.quotaguard.com

Expected response:

{"ip":"<one of your two QuotaGuard static IPs>"}

The returned IP must be one of the two static IPs in your QuotaGuard dashboard, and both must be on your DocuWare allowlist. Requests are load-balanced across the two IPs, so run the command more than once to confirm both.

Troubleshooting

Access denied or 401/403 after enabling the allowlist

Only one of your two QuotaGuard IPs is on the DocuWare allowlist, so requests routed through the other IP fail. Add both.

407 Proxy Authentication Required

This is the QuotaGuard proxy, not DocuWare. Your QUOTAGUARDSTATIC_URL credentials are wrong. Confirm them against your dashboard.

Token works locally but fails from the integration host

Your local machine’s IP is different from your two QuotaGuard IPs. The integration host must route the token request through the proxy too, not just the Platform API calls.

Wrong IP returned

The proxy is not attached to the request. Confirm you applied it to the specific call, or that HTTP_PROXY/HTTPS_PROXY are set and not overridden by NO_PROXY.
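
An added example, not from the original page or QuotaGuard's code, for the HTTP_PROXY approach: it uses Python's standard-library reading of the proxy variables to report whether a DocuWare URL would go through the expected proxy or be sent direct because of NO_PROXY, masking the proxy password in the output. The function names are illustrative, and other HTTP clients may interpret NO_PROXY differently.

```python
import urllib.request
from urllib.parse import urlsplit


def redact(proxy_url):
    """Mask the proxy password so the URL is safe to log."""
    p = urlsplit(proxy_url)
    host = f"{p.hostname}:{p.port}" if p.port else str(p.hostname)
    return f"{p.scheme}://{p.username}:***@{host}" if p.username else f"{p.scheme}://{host}"


def preflight(urls, expected_proxy_host):
    """Report, per URL, how urllib's reading of *_PROXY / NO_PROXY would route it."""
    proxies = urllib.request.getproxies_environment()
    report = {}
    for url in urls:
        parts = urlsplit(url)
        proxy = proxies.get(parts.scheme)
        if urllib.request.proxy_bypass_environment(parts.netloc, proxies):
            report[url] = "DIRECT: host matches NO_PROXY"
        elif not proxy:
            report[url] = f"DIRECT: {parts.scheme.upper()}_PROXY is not set"
        elif urlsplit(proxy).hostname != expected_proxy_host:
            report[url] = f"WRONG PROXY: {redact(proxy)}"
        else:
            report[url] = f"OK via {redact(proxy)}"
    return report


if __name__ == "__main__":
    import os
    # The expected proxy host is taken from QUOTAGUARDSTATIC_URL.
    expected = urlsplit(os.environ.get("QUOTAGUARDSTATIC_URL", "")).hostname
    targets = ["https://your-org.docuware.cloud/DocuWare/Platform",
               "https://ip.quotaguard.com"]
    for url, verdict in preflight(targets, expected).items():
        print(url, "->", verdict)
```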

Regulated Document Data Belongs on QuotaGuard Shield

DocuWare often stores regulated documents such as HR records, contracts, invoices, and health information. If your integration moves that kind of data, use QuotaGuard Shield. Shield uses SSL passthrough and never decrypts your traffic at the proxy, and your TLS keys never leave your servers. Static tunnels outbound HTTPS without decrypting the payload and is appropriate for everything that is not regulated.

QuotaGuard Static vs QuotaGuard Shield

| Feature | QuotaGuard Static | QuotaGuard Shield |
|---|---|---|
| Protocol | HTTP / HTTPS / SOCKS5 | HTTPS / SOCKS5 over TLS |
| Customer-to-proxy hop | Plaintext | TLS-encrypted |
| HTTPS payload | Tunneled end-to-end, never decrypted at the proxy | Tunneled end-to-end, never decrypted at the proxy |
| Best for | Most apps | Regulated data or environments that require TLS on every hop |
| Starting price | $19/month | $29/month |

Ready to Get Started?

Get in touch or create a free trial account.


Copyright © 2009 - 2026 QuotaGuard. All rights reserved.
