QuotaGuard and Make Integration Guide

QuotaGuard and Make Integration Guide

QuotaGuard Static IPs allow your Make scenarios to send outbound HTTP requests through a load-balanced pair of static IP addresses. Once configured, you can use QuotaGuard’s IPs to connect to firewalled APIs, enterprise databases, and services that require IP allowlisting.

You do not need QuotaGuard for internal Make operations or connections to services that don’t require IP whitelisting. QuotaGuard is specifically for reaching external services that block requests from unknown IP addresses.

Why Make Scenarios Get Blocked

Make uses shared AWS IP pools that rotate across each zone (US1, US2, EU1, EU2). Each zone has three egress IP addresses that Make rotates through. These IPs are shared with every other Make user in that zone, which creates problems:

• Enterprise firewalls and WAFs block cloud IP ranges by default
• Corporate APIs require IP allowlisting for access
• Financial services and healthcare APIs enforce strict access controls
• Google Workspace Context-Aware Access policies reject unknown IPs
• Database providers like MongoDB Atlas and Amazon RDS use IP-based security groups

The result is 403 Forbidden, connection refused, or authentication failures that have nothing to do with your scenario logic. Your API keys are valid. Your configuration is correct. The target service is simply blocking the shared Make IP addresses.

Even if you ask a partner to allowlist Make’s IPs, they would need to open their firewall to every Make user in your zone. Most security teams reject this request.

QuotaGuard gives your Make scenarios a fixed, dedicated IP identity that partners can add to their firewall allowlists without exposing themselves to other Make users.

Make’s Native IP Addresses

For reference, these are Make’s current egress IP addresses per zone:

These IPs are shared across all Make users in each zone. QuotaGuard provides dedicated IPs exclusively for your scenarios.

Getting Started

After creating a QuotaGuard account, you will be redirected to your dashboard where you can find your proxy credentials and static IP addresses.

Choose the right proxy region: Match your QuotaGuard region to your Make zone for optimal latency and data residency compliance.

Finding Your Make Zone: Look at your Make dashboard URL. If it starts with eu1.make.com, you’re in the EU1 zone. If it starts with us2.make.com, you’re in US2. You can also check your organization settings.

Finding Your Static IPs: Your two static IPs are displayed in the QuotaGuard dashboard. Both IPs are active simultaneously for high availability. Add both to any firewall allowlists you’re configuring on the target service side.

Your QuotaGuard proxy URL looks like this:

http://username:password@us-east-static-01.quotaguard.com:9293

For Make, you will need to split this into components:

• Host: us-east-static-01.quotaguard.com
• Port: 9293
• Username: Your QuotaGuard username
• Password: Your QuotaGuard password

Configuring Make Scenarios

Make’s HTTP module includes native proxy support in the Advanced Settings section. This works with all Make subscription tiers, including the free plan.

Step 1: Add an HTTP Module to Your Scenario

In the Make scenario editor, add an HTTP module. You can use either:

• Make a request for standard HTTP requests
• Make a Basic Auth request for APIs requiring Basic authentication
• Make an API Key Auth request for APIs requiring API keys
• Make an OAuth 2.0 request for OAuth-protected APIs

All of these HTTP modules support proxy configuration.

Step 2: Configure Your Request

Set up your HTTP request as you normally would:

1. Enter the URL of the API endpoint you’re calling
2. Select the Method (GET, POST, PUT, etc.)
3. Add any required Headers and Body content
4. Configure Authentication if needed

Step 3: Enable the Proxy in Advanced Settings

Scroll down to the Advanced settings section at the bottom of the HTTP module configuration panel.

1. Find the Proxy field
2. Click Create a keychain (or select an existing one if you’ve configured QuotaGuard before)
3. In the popup window, configure the following fields:

1. Save the keychain
2. The proxy is now active for this HTTP module

Step 4: Reuse the Keychain Across Modules

Once you’ve created a QuotaGuard keychain, you can reuse it in any other HTTP module within your scenario or across scenarios. Select the existing keychain from the Proxy dropdown instead of creating a new one.

This is more secure than copying credentials into each module and makes key rotation easier.

Regional Proxy Endpoints

QuotaGuard offers multiple regional proxy endpoints. Use the one closest to your Make zone:

Your specific endpoint hostname is shown in your QuotaGuard dashboard. The port is always 9293 for HTTP proxy connections.

Common Use Cases

Connecting to Firewalled Enterprise APIs

Many enterprise APIs (Salesforce, SAP, Oracle, custom ERPs) require IP allowlisting. Configure the proxy in your HTTP module, then provide your QuotaGuard static IPs to the API provider for their allowlist.

Banking and Payment Gateway Integrations

Financial services APIs often have strict IP-based access controls. A dedicated static IP from QuotaGuard satisfies compliance requirements while keeping your automation running on Make.

Google Workspace Context-Aware Access

If your organization uses Google Workspace with Context-Aware Access policies, Make’s shared IPs may be blocked. Route your Google API requests through QuotaGuard, then add your static IPs to the Context-Aware Access policy.

Database Connections via HTTP APIs

While Make’s built-in database modules don’t support proxy configuration, many databases offer HTTP/REST APIs:

• Airtable via REST API
• Firebase via REST API
• MongoDB Atlas via Data API
• Supabase via PostgREST

Use the HTTP module with QuotaGuard to access these APIs when direct database connections are blocked.

Avoiding Rate Limiting from IP Reputation

Make’s shared IPs are sometimes rate-limited more aggressively because they’re associated with high-volume automated traffic. QuotaGuard’s dedicated static IPs have a cleaner reputation profile.

Legacy SOAP Services

QuotaGuard works transparently with SOAP endpoints. Set the Content-Type to text/xml or application/soap+xml, include your SOAP envelope in the body, and the proxy handles the connection.

Testing Your Implementation

Create a simple test scenario to verify your proxy configuration is working:

Step 1: Create a Test Scenario

1. Create a new scenario in Make
2. Add a Manual Trigger module (Webhooks > Custom webhook, then trigger manually)
3. Add an HTTP > Make a request module

Step 2: Configure the Test Request

1. Set the URL to: https://ip.quotaguard.com
2. Set the Method to: GET
3. In Advanced settings, configure the Proxy with your QuotaGuard keychain

Step 3: Run the Scenario

Execute the scenario once. The response body should return JSON with your static IP:

{"ip":"52.34.188.175"}

The returned IP should match one of your two static IPs shown in the QuotaGuard dashboard.

Step 4: Verify Load Balancing

Run the test scenario multiple times. You should see both of your QuotaGuard static IPs returned across different runs. This confirms the load-balanced pair is working correctly.

If you see a different IP (one of Make’s native IPs), the proxy configuration is not active. Double-check that the keychain is correctly selected in Advanced Settings.

Scenario Design Patterns

Pattern 1: Selective Proxy Routing

Only route sensitive requests through QuotaGuard to minimize latency and quota usage:

1. Module 1: Trigger (webhook, scheduler, etc.)
2. Module 2: HTTP request to public API (no proxy)
3. Module 3: HTTP request to firewalled API (QuotaGuard proxy enabled)
4. Module 4: Process and store results

This approach is cost-effective when only some of your API calls require static IPs.

Pattern 2: All-Proxy Scenarios

For scenarios where all endpoints require static IPs or consistent IP identity:

1. Create a single QuotaGuard keychain
2. Apply it to every HTTP module in the scenario
3. All traffic routes through your dedicated IPs

Pattern 3: Error Handling with IP Verification

Add validation to your scenarios:

1. Before making the sensitive API call, call https://ip.quotaguard.com with the proxy
2. Use a Filter module to verify the returned IP matches your expected QuotaGuard IP
3. Only proceed if the IP check passes
4. This catches misconfigurations before they cause production failures

Latency Considerations

Using QuotaGuard adds a network hop to your requests:

For high-volume or latency-sensitive scenarios, match your QuotaGuard region to your Make zone.

Timeout Settings: If you have strict timeouts configured on your HTTP modules (e.g., 5 seconds), consider increasing them slightly (e.g., 10-15 seconds) to account for the proxy routing. This is especially important for cross-region configurations.

Limitations

App-Specific Modules

Make’s built-in app modules (Slack, Gmail, Salesforce, etc.) make HTTP requests internally but do not expose proxy configuration. The proxy setting is only available in the HTTP module family.

Workaround: Use the HTTP module with the service’s raw API instead of the app-specific module. For example, use Salesforce’s REST API via HTTP instead of the Salesforce module.

Database Modules

Make’s native database modules (MySQL, PostgreSQL, MongoDB) connect directly to databases over TCP, not HTTP. These modules do not support proxy configuration.

Workaround: If your database offers a REST/HTTP API (like MongoDB Atlas Data API), use the HTTP module with QuotaGuard. Alternatively, consider building a lightweight API wrapper on a platform that supports SOCKS5 (like a simple Express server on Heroku or Render with QuotaGuard’s QGTunnel).

SFTP/FTP Modules

SFTP and FTP modules use non-HTTP protocols and do not support the HTTP proxy setting.

Workaround: For SFTP operations requiring static IPs, you would need an intermediary service. Contact QuotaGuard support for enterprise options.

Troubleshooting

403 Forbidden Errors

If you’re still seeing 403 errors after configuring the proxy:

1. Verify the proxy is active: Test with ip.quotaguard.com to confirm traffic routes through QuotaGuard
2. Check the destination allowlist: Ensure both of your QuotaGuard static IPs are added to the target service’s firewall
3. Confirm the keychain is selected: The proxy keychain must be explicitly selected in each HTTP module’s Advanced Settings

407 Proxy Authentication Required

Your proxy credentials are incorrect:

1. Verify the username and password in your keychain match your QuotaGuard dashboard
2. Check for extra spaces or special characters that may have been copied incorrectly
3. Ensure the host and port are exactly as shown in your dashboard

Connection Timeout

1. Verify the proxy hostname is correct (check your QuotaGuard dashboard)
2. Ensure port 9293 is used for HTTP proxy connections
3. Try increasing the timeout setting in the HTTP module’s Advanced Settings
4. Test from a different Make zone if possible

Wrong IP Address Returned

The proxy may not be configured correctly:

1. Verify the keychain is selected in Advanced Settings (not just created)
2. Check that you’re not testing a cached response
3. Try deleting and recreating the keychain
4. Ensure you’re testing with the HTTP module, not an app-specific module

Scenario Execution Time Increased

This is expected when routing through a proxy. The additional hop typically adds 10-50ms per request. If this is problematic:

1. Ensure you’re using a QuotaGuard region that matches your Make zone
2. Only proxy requests that actually require static IPs
3. Consider batching API calls where possible to reduce the number of proxied requests

QuotaGuard Static vs QuotaGuard Shield

QuotaGuard offers two products for static IPs:

For most Make scenarios, QuotaGuard Static provides everything you need. Choose Shield if you’re handling protected health information (PHI), payment card data, or have specific compliance requirements where even the proxy provider must not be able to inspect traffic.

Monitoring and Usage

Checking Your Quota

Log in to the QuotaGuard dashboard to view:

• Current monthly usage (request count and bandwidth)
• Remaining quota
• Usage trends over time

Operations Impact

Using a proxy in Make’s HTTP module does not consume extra Make operations. The proxy configuration is a setting within the existing HTTP module, not a separate step.

Ready to Get Started?

Get in touch or create a free trial account.

Get QuotaGuard for Make

View Make Integration Features

Contact Support