QuotaGuard and Bubble.io Integration Guide

QuotaGuard Static IPs allow your Bubble.io applications to send outbound traffic through a load-balanced pair of static IP addresses. Once set up, you can use QuotaGuard’s IPs to connect to firewalled APIs and services that require IP allowlisting.

You do not need QuotaGuard for internal Bubble operations. Connections to Bubble’s built-in database, file storage, and internal workflows work without a proxy. QuotaGuard is for connecting to external services that require a known, static source IP address.

Why Bubble Apps Need Static IPs

Bubble uses a globally distributed cloud infrastructure where outbound traffic originates from thousands of rotating AWS IP addresses. Bubble explicitly states they do not support static outbound IP addresses on standard plans.

This creates problems when your Bubble app needs to connect to:

• External APIs behind corporate firewalls that require IP allowlisting
• Payment gateways that require IP allowlisting for PCI compliance
• Government systems with strict IP-based access controls
• Banking integrations that only accept requests from known IP addresses
• External databases with firewall rules (see Database Access below for important caveats)

The result is connection failures and blocked requests that have nothing to do with your app logic. Your API keys are valid. Your configuration is correct. The external service is simply blocking requests from Bubble’s dynamic IP addresses.

QuotaGuard gives your Bubble app a fixed, verifiable identity that partners can add to their firewall allowlists once.

Native Option: Dedicated Instance (Enterprise Only)

Bubble offers a Dedicated Instance option that provides static outbound IPs. Here’s how it compares to QuotaGuard:

Use Dedicated Instance if you’re already on an Enterprise plan and need isolated infrastructure for other reasons.

Use QuotaGuard if you’re on a Starter ($32/month), Growth, or Team plan. You get the same static IP functionality at a fraction of the cost.

Getting Started

After creating a QuotaGuard account, you will be redirected to your dashboard where you can find your proxy credentials and static IP addresses.

Choose the right proxy region: Bubble’s shared clusters are hosted primarily in AWS US-East-1 (Virginia). Select QuotaGuard’s US-East region to minimize latency.

Your proxy URL will look like this:

http://username:password@us-east-static-01.quotaguard.com:9293

Finding Your Static IPs: Your two static IPs are displayed in the QuotaGuard dashboard. Both IPs are active simultaneously for high availability. Add both to any firewall allowlists you’re configuring on the target service side.

API Connector: The Primary Integration Path

Bubble’s API Connector plugin is the primary way to make outbound HTTP/HTTPS requests. This is the most straightforward way to use QuotaGuard with Bubble, and it covers the majority of use cases.

Setting Up QuotaGuard with the API Connector

Step 1: Get Your QuotaGuard Credentials

1. Log in to your QuotaGuard dashboard
2. Copy your proxy URL: http://username:password@us-east-static-01.quotaguard.com:9293
3. Note your two static IP addresses (you’ll need these for firewall allowlists)

Step 2: Configure Your External Service

Add both of your QuotaGuard static IPs to the firewall allowlist of your external API:

• For corporate APIs: Provide the IPs to your IT team for their firewall
• For payment gateways: Add the IPs in the provider’s IP allowlist settings
• For government/banking APIs: Submit the IPs through the provider’s onboarding process

Step 3: Route Bubble Traffic Through QuotaGuard

The API Connector does not have a native proxy configuration field. You have two options:

Option A: Use a proxy-enabled Bubble plugin

Search the Bubble plugin marketplace for HTTP request plugins that support proxy configuration. Some community plugins allow specifying proxy settings directly, which lets you stay entirely within Bubble’s no-code environment.

Option B: Use an external serverless function

Create a simple AWS Lambda, Google Cloud Function, or Cloudflare Worker that:

1. Receives requests from your Bubble app via the API Connector
2. Forwards them through QuotaGuard to the target API
3. Returns the response to Bubble

This is a common pattern for Bubble apps that need advanced networking features. See the Testing section below for an example Lambda function.

Common API Use Cases

• Payment gateway integration — Financial services often require IP allowlisting. Route payment API calls through QuotaGuard via the API Connector.
• Corporate API access — When connecting to a partner’s internal API behind a corporate firewall, provide your QuotaGuard static IPs for their allowlist. This avoids the need for VPN configurations or Bubble Enterprise upgrades.
• SaaS platform APIs — Any third-party API that restricts access by source IP can be reached through QuotaGuard.

Database Access: Known Limitations

Bubble’s SQL Database Connector cannot be proxied through QuotaGuard. This is an important limitation to understand before choosing an approach for database connectivity.

Bubble’s SQL Database Connector plugin supports PostgreSQL, MySQL, and Microsoft SQL Server. Under the hood, it uses standard database client libraries to make direct TCP connections from Bubble’s servers to your database.

The problem: The SQL Database Connector’s connection string only accepts standard database parameters — host, port, username, password, and database name. There is no way to configure a proxy. This means the connection traffic always originates from Bubble’s rotating AWS IP addresses, regardless of whether you have QuotaGuard configured for other parts of your app.

You cannot simply add QuotaGuard’s IPs to your database firewall and expect Bubble’s SQL connector to route through them. The traffic will still come from Bubble’s dynamic IPs, not from QuotaGuard.

This limitation comes up regularly for Bubble users who need to connect to firewalled databases. Historically, non-enterprise Bubble users have had to either open their database to all public IPs (not recommended for production) or use one of the workarounds below.

Workaround A: Use a Database with an HTTP/REST API (Recommended)

Best for: No-code users who want to stay entirely within Bubble’s native tools.

Many modern database providers offer an HTTP API layer on top of their database. This converts database access into standard HTTP requests, which means Bubble’s API Connector and QuotaGuard work together with no additional middleware.

Examples of databases with HTTP/REST API layers:

• MongoDB Atlas Data API — RESTful interface to MongoDB collections
• Supabase REST API — Auto-generated REST endpoints for PostgreSQL tables
• Hasura — Sits in front of PostgreSQL and provides a GraphQL/REST API
• PlanetScale HTTP API — Serverless MySQL-compatible driver over HTTP
• Xano — Popular no-code backend that exposes REST APIs for database operations

With this approach, configure Bubble’s API Connector to call the database’s HTTP endpoint. Allowlist QuotaGuard’s static IPs on the database provider’s side. No code required.

Workaround B: Serverless Intermediary

Best for: Customers who have some developer resources and need a direct SQL connection to a database that does not offer an HTTP API.

Place a small cloud function between Bubble and the database. Bubble sends an HTTP request to the function via the API Connector. The function connects to the database through QuotaGuard’s SOCKS5 proxy, runs the query, and returns results as JSON.

Bubble App → API Connector → Cloud Function → QuotaGuard → Firewalled Database

This can be built on AWS Lambda, Google Cloud Functions, Cloudflare Workers, or any serverless platform. The function is typically small (30–50 lines of code), but it does require developer involvement to set up and maintain.

Note: If your customer is a no-code user with no developer resources, this approach may not be practical. If you are a no-code user with no developer resources, this approach may not be practical. In that case, Workaround A (HTTP API layer) is usually the better fit, or check whether your database provider already offers a REST interface.

Workaround C: Open Database Firewall (Not Recommended)

Some users work around the IP limitation by allowing connections from all public IPs (0.0.0.0/0) in their database firewall. This removes the need for QuotaGuard entirely but also removes your firewall protection. This may be acceptable for development or testing environments but should not be used for production systems with sensitive data.

QuotaGuard is not needed for this approach.

Inbound Webhooks (Reverse Proxy)

If external services need to send webhooks TO your Bubble app but require a static destination IP for their firewall, QuotaGuard can help with inbound traffic.

Setting Up Inbound Proxy

1. Open your QuotaGuard dashboard
2. Navigate to Setup > Inbound
3. Enter your Bubble webhook URL (e.g., https://your-app.bubbleapps.io/api/1.1/wf/webhook-endpoint)
4. QuotaGuard generates a unique URL like a62b1d0b4983db763450411fd393b3ce-us-east-1.getstatica.com

This URL resolves to your two static IPs. External services can send webhooks to this URL, and QuotaGuard forwards them to your actual Bubble endpoint.

Use Cases for Inbound Proxy

• Stripe webhooks when your payment processor requires outbound IP whitelisting
• Plaid callbacks for banking integrations
• Partner systems that only allow outbound traffic to known IPs

HIPAA and PCI Compliance

Bubble does not sign Business Associate Agreements (BAAs) for HIPAA compliance on shared hosting plans. If you’re building a healthcare app on Bubble’s standard plans, this creates compliance challenges.

QuotaGuard Shield provides:

• End-to-end TLS encryption (SSL passthrough)
• HIPAA-eligible infrastructure
• PCI-DSS compliant data handling
• SOC 2 certified operations

For regulated industries, QuotaGuard Shield at $69/month may be more practical than upgrading to Bubble’s Enterprise plan for a BAA.

Testing Your Implementation

Verify your static IP configuration by making a test request through QuotaGuard.

Test with ip.quotaguard.com

If you’re using a serverless function as your intermediary, you can use this test to confirm traffic is routing correctly:

// Example AWS Lambda test function
const https = require('https');
const { HttpsProxyAgent } = require('https-proxy-agent');

exports.handler = async (event) => {
    const proxyUrl = process.env.QUOTAGUARDSTATIC_URL;
    const agent = new HttpsProxyAgent(proxyUrl);
    
    return new Promise((resolve, reject) => {
        https.get('https://ip.quotaguard.com', { agent }, (res) => {
            let data = '';
            res.on('data', chunk => data += chunk);
            res.on('end', () => resolve({
                statusCode: 200,
                body: data
            }));
        }).on('error', reject);
    });
};

Expected response:

{"ip":"52.34.188.175"}

The returned IP should match one of your two static IPs shown in the QuotaGuard dashboard.

Latency Considerations

Bubble enforces a 30-second timeout on external API calls. QuotaGuard adds minimal latency when properly configured:

The 10-15ms added latency is negligible for most API calls. You will stay well within Bubble’s 30-second timeout.

Recommendation: Always use QuotaGuard’s US-East region for Bubble apps on the default shared cluster.

Troubleshooting

API Requests Still Blocked

1. Confirm the external API has both QuotaGuard IPs allowlisted
2. Check if the API requires additional authentication beyond IP allowlisting
3. Verify your requests are actually routing through QuotaGuard (test with ip.quotaguard.com)

Wrong IP Address Returned

If ip.quotaguard.com returns an unexpected IP:

1. Verify the proxy URL is correctly configured in your plugin or intermediary
2. Check that the https-proxy-agent or equivalent is installed (if using a serverless function)
3. Ensure environment variables are set correctly

407 Proxy Authentication Required

Your credentials are incorrect. Verify:

1. Username and password match your QuotaGuard dashboard
2. No extra spaces or special characters were copied incorrectly
3. The proxy URL format is correct: http://username:password@hostname:9293

Quick Reference

Ready to Get Started?

Get in touch or create a free trial account.

Try QuotaGuard Now

View Bubble.io Integration Features

HIPAA-Compliant Static IPs (QuotaGuard Shield)

Contact Support